openapi: 3.0.1
info:
title: Identity Security Cloud Beta API
description: 'Use these APIs to interact with the Identity Security Cloud platform to achieve repeatable, automated processes with greater scalability. These APIs are in beta and are subject to change. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.'
termsOfService: 'https://developer.sailpoint.com/discuss/tos'
contact:
name: Developer Relations
url: 'https://developer.sailpoint.com/discuss/api-help'
license:
name: MIT
url: 'https://opensource.org/licenses/MIT'
version: 3.1.0-beta
servers:
- url: 'https://{tenant}.api.identitynow.com/beta'
description: This is the beta API server.
variables:
tenant:
default: sailpoint
description: 'This is the name of your tenant, typically your company''s name.'
- url: 'https://{apiUrl}/beta'
description: This is the beta API server.
variables:
apiUrl:
default: sailpoint.api.identitynow.com
description: This is the api url of your tenant
tags:
- name: Access Model Metadata
description: |
Use this API to create and manage metadata attributes for your Access Model.
Access Model Metadata allows you to add contextual information to your ISC Access Model items using pre-defined metadata for risk, regulations, privacy levels, etc., or by creating your own metadata attributes to reflect the unique needs of your organization. This release of the API includes support for entitlement metadata. Support for role and access profile metadata will be introduced in a subsequent release.
Common usages for Access Model metadata include:
- Organizing and categorizing access items to make it easier for your users to search for and find the access rights they want to request, certify, or manage.
- Providing richer information about access that is being acted on to allow stakeholders to make better decisions when approving, certifying, or managing access rights.
- Identifying access that may requires additional approval requirements or be subject to more frequent review.
- name: Access Profiles
description: |
Use this API to implement and customize access profile functionality.
With this functionality in place, administrators can create access profiles and configure them for use throughout Identity Security Cloud, enabling users to get the access they need quickly and securely.
Access profiles group entitlements, which represent access rights on sources.
For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.
An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.
When users only need Active Directory employee access, they can request access to the 'Employees' entitlement.
When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.
Access profiles are the most important units of access in Identity Security Cloud. Identity Security Cloud uses access profiles in many features, including the following:
- Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles.
- Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements.
- Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile.
- Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role.
In Identity Security Cloud, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones.
Administrators can enable and disable an access profile, and they can also make the following configurations:
- Manage Entitlements: Manage the profile's access by adding and removing entitlements.
- Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked.
Do not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile.
- Multiple Account Options: Define the logic Identity Security Cloud uses to provision access to an identity with multiple accounts on the source.
Refer to [Managing Access Profiles](https://documentation.sailpoint.com/saas/help/access/access-profiles.html) for more information about access profiles.
- name: Access Request Approvals
description: |
Use this API to implement and customize access request approval functionality.
With this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles.
This enables more qualified users to review access requests and the others to spend their time on other tasks.
In Identity Security Cloud, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked.
For applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked.
For roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked.
If the administrator designates a governance group as the required approver, any governance group member can approve the requests.
When a user submits an access request, Identity Security Cloud sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration.
In Approvals in Identity Security Cloud, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval.
If the required approver approves the request and is the only reviewer required, Identity Security Cloud grants or revokes access, based on the request.
If multiple reviewers are required, Identity Security Cloud sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration.
The required approver can then view any completed access requests under the Reviewed tab.
Refer to [Access Requests](https://documentation.sailpoint.com/saas/help/requests/index.html) for more information about access request approvals.
- name: Access Request Identity Metrics
description: |
Use this API to implement access request identity metrics functionality.
With this functionality in place, access request reviewers can see relevant details about the requested access item and associated source activity.
This allows reviewers to see how many of the identities who share a manager with the access requester have this same type of access and how many of them have had activity in the related source.
This additional context about whether the access has been granted before and how often it has been used can help those approving access requests make more informed decisions.
- name: Access Requests
description: |
Use this API to implement and customize access request functionality.
With this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked.
This allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools.
Identity Security Cloud's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them.
In the Request Center in Identity Security Cloud, users can view available applications, roles, and entitlements and request access to them.
If the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them.
Users can use My Requests to track and/or cancel the requests.
In My Team on the Identity Security Cloud Home, managers can submit requests to revoke their team members' access.
They can use the My Requests tab under Request Center to track and/or cancel the requests.
Refer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/requesting_access.html) for more information about access requests.
- name: Account Activities
description: |
Use this API to implement account activity tracking functionality.
With this functionality in place, users can track source account activity in Identity Security Cloud, which greatly improves traceability in the system.
An account activity refers to a log of each action performed on a source account. This is useful for auditing the changes that occur on an account throughout its life.
In Identity Security Cloud's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient.
Account activity includes most actions Identity Security Cloud completes on source accounts. Users can search in Identity Security Cloud for the following account action types:
- Access Request: These include any access requests the source account is involved in.
- Account Attribute Updates: These include updates to a single attribute on an account on a source.
- Account State Update: These include locking or unlocking actions on an account on a source.
- Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification.
- Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state.
Identity Security Cloud replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to.
- Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action.
When you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays.
Account Activity does not include attribute updates that occur as a result of aggregation.
- Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates.
These also include refreshes that occur whenever Identity Security Cloud assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source.
- Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change.
- Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state.
- Password Change: These include password changes on sources.
Refer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities.
- name: Account Aggregations
description: |
Use this API to implement account aggregation progress tracking functionality.
With this functionality in place, administrators can view in-progress account aggregations, their statuses, and their relevant details.
An account aggregation refers to the process Identity Security Cloud uses to gather and load account data from a source into Identity Security Cloud.
Whenever Identity Security Cloud is in the process of aggregating a source, it adds an entry to the Aggregation Activity Log, along with its relevant details.
To view aggregation activity, administrators can select the Connections drop-down menu, select Sources, and select the relevant source, select its Import Data tab, and select Account Aggregation.
In Account Aggregation, administrators can view the account aggregations' statuses and details in the Account Activity Log.
Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about account aggregations.
- name: Account Usages
description: |
Use this API to implement account usage insight functionality.
With this functionality in place, administrators can gather information and insights about how their tenants' source accounts are being used.
This allows organizations to get the information they need to start optimizing and securing source account usage.
- name: Accounts
description: |
Use this API to implement and customize account functionality.
With this functionality in place, administrators can manage users' access across sources in Identity Security Cloud.
In Identity Security Cloud, an account refers to a user's account on a supported source.
This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. Identity Security Cloud loads accounts through the creation of sources in Identity Security Cloud.
Administrators can correlate users' identities with the users' accounts on the different sources they use.
This allows Identity Security Cloud to govern the access of identities and all their correlated accounts securely and cohesively.
To view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab.
To view and edit source account statuses for an identity in Identity Security Cloud, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab.
Administrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity.
Accounts can have the following statuses:
- Enabled: The account is enabled. The user can access it.
- Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in Identity Security Cloud. This can occur when an administrator disables the account or when the user's lifecycle state changes.
- Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times.
- Pending: The account is currently updating. This status typically lasts seconds.
Administrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed.
Refer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/common/users/user_access.html#managing-user-accounts) for more information about accounts.
- name: Application Discovery
description: |
Use this API to discover applications within your Okta connector and receive connector recommendations by manually uploading application names.
- name: Auth Profile
description: |
Auth Profile - Represents authentication configuration for an Identity Profile. This object gets created when an Identity Profile is created.
APIs can be used to retrieve and update Auth Profiles.
- name: Certification Campaigns
description: |
Use this API to implement certification campaign functionality.
With this functionality in place, administrators can create, customize, and manage certification campaigns for their organizations' use.
Certification campaigns provide Identity Security Cloud users with an interactive review process they can use to identify and verify access to systems.
Campaigns help organizations reduce risk of inappropriate access and satisfy audit requirements.
A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access.
These certifications serve as a way of showing that a user's access has been reviewed and approved.
Multiple certifications by different reviewers are often required to approve a user's access.
A set of multiple certifications is called a certification campaign.
For example, an organization may use a Manager Certification campaign as a way of showing that a user's access has been reviewed and approved by multiple managers.
Once this campaign has been completed, Identity Security Cloud would provision all the access the user needs, nothing more.
Identity Security Cloud provides two simple campaign types users can create without using search queries, Manager and Source Owner campaigns:
You can create these types of campaigns without using any search queries in Identity Security Cloud:
- ManagerCampaign: Identity Security Cloud provides this campaign type as a way to ensure that an identity's access is certified by their managers.
You only need to provide a name and description to create one.
- Source Owner Campaign: Identity Security Cloud provides this campaign type as a way to ensure that an identity's access to a source is certified by its source owners.
You only need to provide a name and description to create one.
You can specify the sources whose owners you want involved or just run it across all sources.
For more information about these campaign types, refer to [Starting a Manager or Source Owner Campaign](https://documentation.sailpoint.com/saas/help/certs/starting_campaign.html).
One useful way to create certification campaigns in Identity Security Cloud is to use a specific search and then run a campaign on the results returned by that search.
This allows you to be much more specific about whom you are certifying in your campaigns and what access you are certifying in your campaigns.
For example, you can search for all identities who are managed by "Amanda.Ross" and also have the access to the "Accounting" role and then run a certification campaign based on that search to ensure that the returned identities are appropriately certified.
You can use Identity Security Cloud search queries to create these types of campaigns:
- Identities: Use this campaign type to review and revoke access items for specific identities.
You can either build a search query and create a campaign certifying all identities returned by that query, or you can search for individual identities and add those identities to the certification campaign.
- Access Items: Use this campaign type to review and revoke a set of roles, access profiles, or entitlements from the identities that have them.
You can either build a search query and create a campaign certifying all access items returned by that query, or you can search for individual access items and add those items to the certification campaign.
- Role Composition: Use this campaign type to review a role's composition, including its title, description, and membership criteria.
You can either build a search query and create a campaign certifying all roles returned by that query, or you can search for individual roles and add those roles to the certification campaign.
- Uncorrelated Accounts: Use this campaign type to certify source accounts that aren't linked to an authoritative identity in Identity Security Cloud.
You can use this campaign type to view all the uncorrelated accounts for a source and certify them.
For more information about search-based campaigns, refer to [Starting a Campaign from Search](https://documentation.sailpoint.com/saas/help/certs/starting_search_campaign.html).
Once you have generated your campaign, it becomes available for preview.
An administrator can review the campaign and make changes, or if it's ready and accurate, activate it.
Once the campaign is active, organization administrators or certification administrators can designate other Identity Security Cloud users as certification reviewers.
Those reviewers can view any of the certifications they either need to review (active) or have already reviewed (completed).
When a certification campaign is in progress, certification reviewers see the listed active certifications whose involved identities they can review.
Reviewers can then make decisions to grant or revoke access, as well as reassign the certification to another reviewer. If the reviewer chooses this option, they must provide a reason for reassignment in the form of a comment.
Once a reviewer has made decisions on all the certification's involved access items, he or she must "Sign Off" to complete the review process.
Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items.
Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase.
In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation.
In this situation, the certification campaign completes once all the remediation requests are completed.
The end of a certification campaign is determined by its deadline, its completion status, or by an administrator's decision.
For more information about certifications and certification campaigns, refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html).
- name: Certifications
description: |
Use this API to implement certification functionality.
This API provides specific functionality that improves an organization's ability to manage its certification process.
A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access.
These certifications serve as a way of showing that a user's access has been reviewed and approved.
Multiple certifications by different reviewers are often required to approve a user's access.
A set of multiple certifications is called a certification campaign.
For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers.
Once this certification has been completed, Identity Security Cloud would provision all the access the user needs, nothing more.
This API enables administrators and reviewers to get useful information about certifications at a high level, such as the reviewers involved, and at a more granular level, such as the permissions affected by changes to entitlements within those certifications.
It also provides the useful ability to reassign identities and items within certifications to other reviewers, rather than [reassigning the entire certifications themselves](https://developer.sailpoint.com/idn/api/beta/submit-reassign-certs-async/).
Refer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/common/users/user_access.html#managing-user-accounts) for more information about accounts.
- name: Connector Rule Management
- name: Connectors
description: |
Use this API to implement connector functionality.
With this functionality in place, administrators can view available connectors.
Connectors are the bridges Identity Security Cloud uses to communicate with and aggregate data from sources.
For example, if it is necessary to set up a connection between Identity Security Cloud and the Active Directory source, a connector can bridge the two and enable Identity Security Cloud to synchronize data between the systems.
This ensures account entitlements and states are correct throughout the organization.
In Identity Security Cloud, administrators can use the Connections drop-down menu and select Sources to view the available source connectors.
Refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about the connectors available in Identity Security Cloud.
Refer to [SaaS Connectivity](https://developer.sailpoint.com/docs/connectivity/saas-connectivity) for more information about the SaaS custom connectors that do not need VAs (virtual appliances) to communicate with their sources.
Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about using connectors in Identity Security Cloud.
- name: Custom Forms
description: |
Use this API to build and manage custom forms.
With this functionality in place, administrators can create and view form definitions and form instances.
Forms are composed of sections and fields. Sections split the form into logical groups of fields and fields are the data collection points within the form. Configure conditions to modify elements of the form as the responder provides input. Create form inputs to pass information from a calling feature, like a workflow, to your form.
Forms can be used within workflows as an action or as a trigger. The Form Action allows you to assign a form as a step in a running workflow, suspending the workflow until the form is submitted or times out, and the workflow resumes. The Form Submitted Trigger initiates a workflow when a form is submitted. The trigger can be configured to initiate on submission of a full form, a form element with any value, or a form element with a particular value.
Refer to [Forms](https://documentation.sailpoint.com/saas/help/forms/index.html) for more information about using forms in Identity Security Cloud.
- name: Custom Password Instructions
description: |
Use this API to implement custom password instruction functionality.
With this functionality in place, administrators can create custom password instructions to help users reset their passwords, change them, unlock their accounts, or recover their usernames.
This allows administrators to emphasize password policies or provide organization-specific instructions.
Administrators must first use [Update Password Org Config](https://developer.sailpoint.com/docs/api/beta/put-password-org-config/) to set `customInstructionsEnabled` to `true`.
Once they have enabled custom instructions, they can use [Create Custom Password Instructions](https://developer.sailpoint.com/docs/api/beta/create-custom-password-instructions/) to create custom page content for the specific pageId they select.
For example, an administrator can use the pageId forget-username:user-email to set the custom text for the case when users forget their usernames and must enter their emails.
Refer to [Creating Custom Instruction Text](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html#creating-custom-instruction-text) for more information about creating custom password instructions.
- name: Entitlements
description: |
Use this API to implement and customize entitlement functionality.
With this functionality in place, administrators can view entitlements and configure them for use throughout Identity Security Cloud in certifications, access profiles, and roles.
Administrators in Identity Security Cloud can then grant users access to the entitlements or configure them so users themselves can request access to the entitlements whenever they need them.
With a good approval process, this entitlement functionality allows users to gain the specific access they need on sources quickly and securely.
Entitlements represent access rights on sources.
Entitlements are the most granular form of access in Identity Security Cloud.
Entitlements are often grouped into access profiles, and access profiles themselves are often grouped into roles, the broadest form of access in Identity Security Cloud.
For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.
An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.
An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source.
When users only need Active Directory employee access, they can request access to the 'Employees' entitlement.
When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.
When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both.
Administrators often use roles and access profiles within those roles to manage access so that users can gain access more quickly, but the hierarchy of access all starts with entitlements.
Anywhere entitlements appear, you can select them to find more information about the following:
- Cloud Access Details: These provide details about the cloud access entitlements on cloud-enabled sources.
- Permissions: Permissions represent individual units of read/write/admin access to a system.
- Relationships: These list each entitlement's parent and child relationships.
- Type: This is the entitlement's type. Some sources support multiple types, each with a different attribute schema.
Identity Security Cloud uses entitlements in many features, including the following:
- Certifications: Entitlements can be revoked from an identity that no longer needs them.
- Roles: Roles can group access profiles which themselves group entitlements. You can grant and revoke access on a broad level with roles. Role membership criteria can grant roles to identities based on whether they have certain entitlements or attributes.
- Access Profiles: Access profiles group entitlements.
They are the most important units of access in Identity Security Cloud.
Identity Security Cloud uses them in provisioning, certifications, and access requests, and administrators can configure them to grant very broad or very granular access.
You cannot delete entitlements directly from Identity Security Cloud.
Entitlements are deleted based on their inclusion in aggregations.
Refer to [Deleting Entitlements](https://documentation.sailpoint.com/saas/help/access/entitlements.html#deleting-entitlements) more information about deleting entitlements.
Refer to [Entitlements](https://documentation.sailpoint.com/saas/help/access/entitlements.html) for more information about entitlements.
- name: Governance Groups
description: |
Use this API to implement and customize Governance Group functionality. With this functionality in place, administrators can create Governance Groups and configure them for use throughout Identity Security Cloud.
A governance group is a group of users that can make governance decisions about access. If your organization has the Access Request or Certifications service, you can configure governance groups to review access requests or certifications. A governance group can determine whether specific access is appropriate for a user.
Refer to [Creating and Managing Governance Groups](https://documentation.sailpoint.com/saas/help/common/users/governance_groups.html) for more information about how to build Governance Groups in the visual builder in the Identity Security Cloud UI.
- name: IAI Access Request Recommendations
- name: IAI Common Access
- name: IAI Message Catalogs
- name: IAI Outliers
- name: IAI Peer Group Strategies
- name: IAI Recommendations
- name: IAI Role Mining
- name: Icons
description: |
Use this API to implement functionality related to object icons (application icons for example).
With this functionality in place, administrators can set or remove an icon for specific object type for use throughout Identity Security Cloud.
- name: Identities
description: |
Use this API to implement identity functionality.
With this functionality in place, administrators can synchronize an identity's attributes with its various source attributes.
Identity Security Cloud uses identities as users' authoritative accounts. Identities can own other accounts, entitlements, and attributes.
An identity has a variety of attributes, such as an account name, an email address, a job title, and more.
These identity attributes can be correlated with different attributes on different sources.
For example, the identity John.Smith can own an account in the GitHub source with the account name John-Smith-Org, and Identity Security Cloud knows they are the same person with the same access and attributes.
In Identity Security Cloud, administrators often set up these synchronizations to get triggered automatically with a change or to run on a schedule.
To manually synchronize attributes for an identity, administrators can use the Identities drop-down menu and select Identity List to view the list of identities.
They can then select the identity they want to manually synchronize and use the hamburger menu to select 'Synchronize Attributes.'
Doing so immediately begins the attribute synchronization and analyzes all accounts for the selected identity.
Refer to [Synchronizing Attributes](https://documentation.sailpoint.com/saas/help/provisioning/attr_sync.html) for more information about synchronizing attributes.
- name: Identity Attributes
- name: Identity History
- name: Identity Profiles
description: |
Use this API to implement and customize identity profile functionality.
With this functionality in place, administrators can manage identity profiles and configure them for use by identities throughout Identity Security Cloud.
Identity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes.
This allows administrators to save time by applying identity profiles to any number of similar identities rather than configuring each one individually.
In Identity Security Cloud, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles.
This list shows some details about each identity profile, along with its status. They can select an identity profile to view and modify its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings.
Administrators can also use this page to create new identity profiles or delete existing ones.
Refer to [Creating Identity Profiles](https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html) for more information about identity profiles.
- name: Lifecycle States
description: |
Use this API to implement and customize lifecycle state functionality.
With this functionality in place, administrators can view and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have.
A lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with Identity Security Cloud: 'Active' and 'Inactive.'
When an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes.
The inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored.
This saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc.
Administrators must define the criteria for being in each lifecycle state, and they must define how Identity Security Cloud manages users' access to apps and sources for each lifecycle state.
In Identity Security Cloud, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to select the lifecycle state they want to modify.
In the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state:
- Enable/disable the lifecycle state for the identity profile.
- Enable/disable source accounts for the identity profile's lifecycle state.
- Add existing access profiles to grant to the identity profiles in that lifecycle state.
- Create a new access profile to grant to the identity profile in that lifecycle state.
Access profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state.
To maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state.
For example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states.
During scheduled refreshes, Identity Security Cloud evaluates lifecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles.
If the identities are missing access, Identity Security Cloud provisions that access.
Administrators can also use the 'Provisioning' tab to configure email notifications for Identity Security Cloud to send whenever an identity with that identity profile has a lifecycle state change.
Refer to [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so.
An identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.'
Refer to [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses.
Refer to [Setting Up Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html) for more information about lifecycle states.
- name: Managed Clients
description: Read and write operations for managing client data and statuses
- name: Managed Clusters
description: 'Operations for accessing and managing client Clusters, including Log Configuration'
- name: MFA Configuration
description: Configure and test multifactor authentication (MFA) methods
- name: MFA Controller
description: This API used for multifactor authentication functionality belong to gov-multi-auth service. This controller allow you to verify authentication by specified method
- name: Non-Employee Lifecycle Management
description: |
Use this API to implement non-employee lifecycle management functionality.
With this functionality in place, administrators can create non-employee records and configure them for use in their organizations.
This allows organizations to provide secure access to non-employees and control that access.
The 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee.
Organizations can track non-employees' access and activity in Identity Security Cloud by creating and maintaining non-employee sources.
Organizations can have a maximum of 50 non-employee sources.
By using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following:
- SailPoint is not responsible for storing sensitive data.
You may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in Identity Security Cloud.
- You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts.
To manage non-employees in Identity Security Cloud, administrators must create a non-employee source and add accounts to the source.
To create a non-employee source in Identity Security Cloud, administrators must use the Admin panel to go to Connections > Sources.
They must then specify 'Non-Employee' in the 'Source Type' field.
Refer to [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources.
To add accounts to a non-employee source in Identity Security Cloud, administrators can select the non-employee source and add the accounts.
They can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to.
Administrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts.
To add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file.
Refer to [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources.
Once administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities.
Refer to [Managing Non-Employee Sources and Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html) for more information about non-employee lifecycle management.
- name: Notifications
- name: OAuth Clients
description: |
Use this API to implement OAuth client functionality.
With this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the Identity Security Cloud REST API.
Refer to [Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information about OAuth and how it works with the Identity Security Cloud REST API.
- name: Org Config
description: Operations for managing org configuration settings (eg. time zone)
- name: Password Configuration
description: |
Use this API to implement organization password configuration functionality.
With this functionality in place, organization administrators can create organization-specific password configurations.
These configurations include details like custom password instructions, as well as digit token length and duration.
Refer to [Configuring User Authentication for Password Resets](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html) for more information about organization password configuration functionality.
- name: Password Dictionary
description: |
Use this API to implement password dictionary functionality.
With this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords.
A password dictionary is a list of words or characters that users are prevented from including in their passwords.
This can help protect users from themselves and force them to create passwords that are not easy to break.
A password dictionary must meet the following requirements to for the API to handle them correctly:
- It must be in .txt format.
- All characters must be UTF-8 characters.
- Each line must contain a single word or character with no spaces or whitespace characters.
- It must contain at least one line other than the locale string.
- Each line must not exceed 128 characters.
- The file must not exceed 2500 lines.
Administrators should also consider the following when they create their dictionaries:
- Lines starting with a # represent comments.
- All words in the password dictionary are case-insensitive.
For example, adding the word "password" to the dictionary also disallows the following: PASSWORD, Password, and PassWord.
- The dictionary uses substring matching.
For example, adding the word "spring" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring.
Users can then select 'Change Password' to update their passwords.
Administrators must do the following to create a password dictionary:
- Create the text file that will contain the prohibited password values.
- If the dictionary is not in English, they must add a locale string to the top line: locale:`languageCode`_`countryCode`
The languageCode value refers to the language's 2-letter ISO 639-1 code.
The countryCode value refers to the country's 2-letter ISO 3166-1 code.
Refer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes.
- Upload the .txt file to Identity Security Cloud with [Update Password Dictionary](https://developer.sailpoint.com/docs/api/beta/put-password-dictionary). Uploading a new file always overwrites the previous dictionary file.
Administrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it.
Refer to [Configuring Advanced Password Management Options](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html) for more information about password dictionaries.
- name: Password Management
description: |
Use this API to implement password management functionality.
With this functionality in place, users can manage their identity passwords for all their applications.
In Identity Security Cloud, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager.
Password Manager lists the user's identity's applications, possibly grouped to share passwords.
Users can then select 'Change Password' to update their passwords.
Grouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually.
Password Manager may list the applications and sources in the following groups:
- Password Group: This refers to a group of applications that share a password.
For example, a user can use the same password for Google Drive, Google Mail, and YouTube.
Updating the password for the password group updates the password for all its included applications.
- Multi-Application Source: This refers to a source with multiple applications that share a password.
For example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications.
Updating the password for the multi-application source updates the password for all its included applications.
- Applications: These are applications that do not share passwords with other applications.
An organization may require some authentication for users to update their passwords.
Users may be required to answer security questions or use a third-party authenticator before they can confirm their updates.
Refer to [Managing Passwords](https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html) for more information about password management.
- name: Password Policies
description: |
Use these APIs to implement password policies functionality.
These APIs allow you to define the policy parameters for choosing passwords.
IdentityNow comes with a default policy that you can modify to define the password requirements your users must meet to log in to IdentityNow, such as requiring a minimum password length, including special characters, and disallowing certain patterns.
If you have licensed Password Management, you can create additional password policies beyond the default one to manage passwords for supported sources in your org.
In the Identity Security Cloud Admin panel, administrators can use the Password Mgmt dropdown menu to select Sync Groups.
Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/pwd_policies/pwd_policies.html) for more information about password policies.
- name: Password Sync Groups
description: |
Use this API to implement password sync group functionality.
With this functionality in place, administrators can group sources into password sync groups so that all their applications share the same password.
This allows users to update the password for all the applications in a sync group if they want, rather than updating each password individually.
A password sync group is a group of applications that shares a password.
Administrators create these groups by grouping the applications' sources.
For example, an administrator can group the ActiveDirectory, GitHub, and G Suite sources together so that all those sources' applications can also be grouped to share a password.
A user can then update his or her password for ActiveDirectory, GitHub, Gmail, Google Drive, and Google Calendar all at once, rather then updating each one individually.
The following are required for administrators to create a password sync group in Identity Security Cloud:
- At least two direct connect sources connected to Identity Security Cloud and configured for Password Management.
- Each authentication source in a sync group must have at least one application. Refer to [Adding and Resetting Application Passwords](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html#adding-and-resetting-application-passwords) for more information about adding applications to sources.
- At least one password policy. Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/policies.html) for more information about password policies.
In the Admin panel in Identity Security Cloud, administrators can use the Password Mgmt dropdown menu to select Sync Groups.
To create a sync group, administrators must provide a name, choose a password policy to be enforced across the sources in the sync group, and select the sources to include in the sync group.
Administrators can also delete sync groups in Identity Security Cloud, but they should know the following before they do:
- Passwords related to the associated sources will become independent, so changing one will not change the others anymore.
- Passwords for the sources' connected applications will also become independent.
- Password policies assigned to the sync group are then assigned directly to the associated sources.
To change the password policy for a source, administrators must edit it directly.
Once the password sync group has been created, users can update the password for the group in Password Manager.
Refer to [Managing Password Sync Groups](https://documentation.sailpoint.com/saas/help/pwd/sync_grps.html) for more information about password sync groups.
- name: Personal Access Tokens
description: |
Use this API to implement personal access token (PAT) functionality.
With this functionality in place, users can use PATs as an alternative to passwords for authentication in Identity Security Cloud.
PATs embed user information into the client ID and secret.
This replaces the API clients' need to store and provide a username and password to establish a connection, improving Identity Security Cloud organizations' integration security.
In Identity Security Cloud, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens.
They must then provide a description about the token's purpose.
They can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID.
Refer to [Managing Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/generate_tokens.html) for more information about PATs.
- name: Public Identities Config
description: |
Use this API to implement public identity configuration functionality.
With this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions.
This can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.
By default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager.
However, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc.
Administrators can use this API to make those necessary identity attributes public to non-administrators.
For example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department.
If an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/docs/api/beta/update-public-identity-config/) to make the "department" attribute public, the approver can see the department and make a decision without requesting any more information.
- name: Requestable Objects
description: |
Use this API to implement requestable object functionality.
With this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/docs/api/beta/access-requests/), along with their statuses.
This can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available.
- name: Role Insights
- name: Roles
description: |
Use this API to implement and customize role functionality.
With this functionality in place, administrators can create roles and configure them for use throughout Identity Security Cloud.
Identity Security Cloud can use established criteria to automatically assign the roles to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks.
Entitlements represent the most granular level of access in Identity Security Cloud.
Access profiles represent the next level and often group entitlements.
Roles represent the broadest level of access and often group access profiles.
For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.
An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.
An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source.
When users only need Active Directory employee access, they can request access to the 'Employees' entitlement.
When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.
When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both.
Roles often represent positions within organizations.
For example, an organization's accountant can access all the tools the organization's accountants need with the 'Accountant' role.
If the accountant switches to engineering, a qualified member of the organization can quickly revoke the accountant's 'Accountant' access and grant access to the 'Engineer' role instead, granting access to all the tools the organization's engineers need.
In Identity Security Cloud, adminstrators can use the Access drop-down menu and select Roles to view, configure, and delete existing roles, as well as create new ones.
Administrators can enable and disable the role, and they can also make the following configurations:
- Manage Access: Manage the role's access by adding or removing access profiles.
- Define Assignment: Define the criteria Identity Security Cloud uses to assign the role to identities.
Use the first option, 'Standard Criteria,' to provide specific criteria for assignment like specific account attributes, entitlements, or identity attributes.
Use the second, 'Identity List,' to specify the identities for assignment.
- Access Requests: Configure roles to be requestable and establish an approval process for any requests that the role be granted or revoked.
Do not configure a role to be requestable without establishing a secure access request approval process for that role first.
Refer to [Working with Roles](https://documentation.sailpoint.com/saas/help/access/roles.html) for more information about roles.
- name: Search Attribute Configuration
- name: Segments
description: |
Use this API to implement and customize access request segment functionality.
With this functionality in place, administrators can create and manage access request segments.
Segments provide organizations with a way to make the access their users have even more granular - this can simply the access request process for the organization's users and improves security by reducing the risk of overprovisoning access.
Segments represent sets of identities, all grouped by specified identity attributes, who are only able to see and access the access items associated with their segments.
For example, administrators could group all their organization's London office employees into one segment, "London Office Employees," by their shared location.
The administrators could then define the access items the London employees would need, and the identities in the "London Office Employees" would then only be able to see and access those items.
In Identity Security Cloud, administrators can use the 'Access' drop-down menu and select 'Segments' to reach the 'Access Requests Segments' page.
This page lists all the existing access request segments, along with their statuses, enabled or disabled.
Administrators can use this page to create, edit, enable, disable, and delete segments.
To create a segment, an administrator must provide a name, define the identities grouped in the segment, and define the items the identities in the segment can access.
These items can be access profiles, roles, or entitlements.
When administrators use the API to create and manage segments, they use a JSON expression in the `visibilityCriteria` object to define the segment's identities and access items.
Refer to [Managing Access Request Segments](https://documentation.sailpoint.com/saas/help/requests/segments.html) for more information about segments in Identity Security Cloud.
- name: Service Desk Integration
description: |
Use this API to build an integration between Identity Security Cloud and a service desk ITSM (IT service management) solution.
Once an administrator builds this integration between Identity Security Cloud and a service desk, users can use Identity Security Cloud to raise and track tickets that are synchronized between Identity Security Cloud and the service desk.
In Identity Security Cloud, administrators can create a service desk integration (sometimes also called an SDIM, or Service Desk Integration Module) by going to Admin > Connections > Service Desk and selecting 'Create.'
To create a Generic Service Desk integration, for example, administrators must provide the required information on the General Settings page, the Connectivity and Authentication information, Ticket Creation information, Status Mapping information, and Requester Source information on the Configure page.
Refer to [Integrating SailPoint with Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) for more information about the process of setting up a Generic Service Desk in Identity Security Cloud.
Administrators can create various service desk integrations, all with their own nuances.
The following service desk integrations are available:
- [Atlassian Cloud Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_cloud/help/integrating_jira_cloud_sd/introduction.html)
- [Atlassian Server Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_server/help/integrating_jira_server_sd/introduction.html)
- [BMC Helix ITSM Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_ITSM_sd/help/integrating_bmc_helix_itsm_sd/intro.html)
- [BMC Helix Remedyforce Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_remedyforce_sd/help/integrating_bmc_helix_remedyforce_sd/intro.html)
- [Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html)
- [ServiceNow Service Desk](https://documentation.sailpoint.com/connectors/servicenow/sdim/help/integrating_servicenow_sdim/intro.html)
- [Zendesk Service Desk](https://documentation.sailpoint.com/connectors/zendesk/help/integrating_zendesk_sd/introduction.html)
- name: SIM Integrations
description: |
Use this API to administer IdentityNow's Service Integration Module, or SIM integration with ServiceNow, so that it converts IdentityNow provisioning actions into tickets in ServiceNow.
ServiceNow is a software platform that supports IT service management and automates common business processes for requesting and fulfilling service requests across a business enterprise.
You must have an IdentityNow ServiceNow ServiceDesk license to use this integration. Contact your Customer Success Manager for more information.
Service Desk integration for IdentityNow and in deprecation - not available for new implementation, as of July 21st, 2021. As per SailPoint’s [support policy](https://community.sailpoint.com/t5/Connector-Directory/SailPoint-Support-Policy-for-Connectivity/ta-p/79422), all existing SailPoint IdentityNow customers using this legacy integration will be supported until July 2022.
- name: SOD Policies
description: |
Use this API to implement and manage "separation of duties" (SOD) policies.
With SOD policy functionality in place, administrators can organize the access in their tenants to prevent individuals from gaining conflicting or excessive access.
"Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data.
For example, people who record monetary transactions shouldn't be able to issue payment for those transactions.
Any changes to major system configurations should be approved by someone other than the person requesting the change.
Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants.
These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access.
To create SOD policies in Identity Security Cloud, administrators use 'Search' and then access 'Policies'.
To create a policy, they must configure two lists of access items. Each access item can only be added to one of the two lists.
They can search for the entitlements they want to add to these access lists.
>Note: You can have a maximum of 500 policies of any type (including general policies) in your organization. In each access-based SOD policy, you can have a maximum of 50 entitlements in each access list.
Once a SOD policy is in place, if an identity has access items on both lists, a SOD violation will trigger.
These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy.
The other users can then better help to enforce these SOD policies.
To create a subscription to a SOD policy in Identity Security Cloud, administrators use 'Search' and then access 'Layers'.
They can create a subscription to the policy and schedule it to run at a regular interval.
Refer to [Managing Policies](https://documentation.sailpoint.com/saas/help/sod/manage-policies.html) for more information about SOD policies.
Refer to [Subscribe to a SOD Policy](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html#subscribe-to-an-sod-policy) for more information about SOD policy subscriptions.
- name: SOD Violations
description: |
Use this API to check for current "separation of duties" (SOD) policy violations as well as potential future SOD policy violations.
With SOD violation functionality in place, administrators can get information about current SOD policy violations and predict whether an access change will trigger new violations, which helps to prevent them from occurring at all.
"Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data.
For example, people who record monetary transactions shouldn't be able to issue payment for those transactions.
Any changes to major system configurations should be approved by someone other than the person requesting the change.
Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants.
These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access.
Once a SOD policy is in place, if an identity has conflicting access items, a SOD violation will trigger.
These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy.
The other users can then better help to enforce these SOD policies.
Administrators can use the SOD violations APIs to check a set of identities for any current SOD violations, and they can use them to check whether adding an access item would potentially trigger a SOD violation.
This second option is a good way to prevent SOD violations from triggering at all.
Refer to [Handling Policy Violations](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html) for more information about SOD policy violations.
- name: Source Usages
description: |
Use this API to implement source usage insight functionality.
With this functionality in place, administrators can gather information and insights about how their tenants' sources are being used.
This allows organizations to get the information they need to start optimizing and securing source usage.
- name: Sources
description: |
Use this API to implement and customize source functionality.
With source functionality in place, organizations can use Identity Security Cloud to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way.
[Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) refer to the Identity Security Cloud representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example.
Organizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records.
Connecting these sources to Identity Security Cloud makes it possible to manage user access across them all.
Then, if a new hire starts at an organization, Identity Security Cloud can grant the new hire access to all the sources they need.
If an employee moves to a new department and needs access to new sources but no longer needs access to others, Identity Security Cloud can grant the necessary access and revoke the unnecessary access for all the employee's various sources.
If an employee leaves the company, Identity Security Cloud can revoke access to all the employee's various source accounts immediately.
These are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure.
In Identity Security Cloud, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so.
They can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups.
Admins go to Connections > Sources to see a list of the existing source representations in their organizations.
They can create new sources or select existing ones.
To create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type.
Refer to [Configuring a Source](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source) for more information about the source configuration process.
Identity Security Cloud connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in.
Different sources use different connectors to share data with Identity Security Cloud, and each connector's setup process is specific to that connector.
SailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors.
Refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about these SailPoint supported connectors.
Refer to the following links for more information about two useful connectors:
- [JDBC Connector](https://documentation.sailpoint.com/connectors/jdbc/help/integrating_jdbc/introduction.html): This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity).
- [Web Services Connector](https://documentation.sailpoint.com/connectors/webservices/help/integrating_webservices/introduction.html): This connector can directly connect to databases that support Web Services.
Refer to [SaaS Connectivity](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/) for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources.
When admins select existing sources, they can view the following information about the source:
- Associated connections (any associated identity profiles, apps, or references to the source in a transform).
- Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources.
- Associated entitlements (sets of access rights on sources).
- Associated access profiles (groupings of entitlements).
The user account data and the entitlements update with each data aggregation from the source.
Organizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their Identity Security Cloud tenants so an access change on a source is detected quickly in Identity Security Cloud.
Admins can view a history of these aggregations, and they can also run manual imports.
Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about manual and scheduled aggregations.
Admins can also make changes to determine which user account data Identity Security Cloud collects from the source and how it correlates that account data with identity data.
To define which account attributes the source shares with Identity Security Cloud, admins can edit the account schema on the source.
Refer to [Managing Source Account Schemas](https://documentation.sailpoint.com/saas/help/accounts/schema.html) for more information about source account schemas and how to edit them.
To define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source.
Refer to [Assigning Source Accounts to Identities](https://documentation.sailpoint.com/saas/help/accounts/correlation.html) for more information about this correlation process between source accounts and identities.
Admins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform.
Refer to [Deleting Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html#deleting-sources) for more information about deleting sources.
Well organized, mapped out connections between sources and Identity Security Cloud are essential to achieving comprehensive identity access governance across all the source systems organizations need.
Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about all the different things admins can do with sources once they are connected.
- name: SP-Config
description: Import and export configuration for some objects between tenants.
- name: Suggested Entitlement Description
description: |
Use this API to leverage power of LLM to generate suggested entitlement description.
- name: Tagged Objects
description: |
Use this API to implement object tagging functionality.
With object tagging functionality in place, any user in an organization can use tags as a way to group objects together and find them more quickly when the user searches Identity Security Cloud.
In Identity Security Cloud, users can search their tenants for information and add tags objects they find.
Tagging an object provides users with a way of grouping objects together and makes it easier to find these objects in the future.
For example, if a user is searching for an entitlement that grants a risky level of access to Active Directory, it's possible that the user may have to search through hundreds of entitlements to find the correct one.
Once the user finds that entitlement, the user can add a tag to the entitlement, "AD_RISKY" to make it easier to find the entitlement again.
The user can add the same tag to multiple objects the user wants to group together for an easy future search, and the user can also do so in bulk.
When the user wants to find that tagged entitlement again, the user can search for "tags:AD_RISKY" to find all objects with that tag.
With the API, you can tag even more different object types than you can in Identity Security Cloud (access profiles, entitlements, identities, and roles).
You can use the API to tag all these objects:
- Access profiles
- Applications
- Certification campaigns
- Entitlements
- Identities
- Roles
- SOD (separation of duties) policies
- Sources
You can also use the API to directly find, create, and manage tagged objects without using search queries.
There are limits to tags:
- You can have up to 500 different tags in your tenant.
- You can apply up to 30 tags to one object.
- You can have up to 10,000 tag associations, pairings of 1 tag to 1 object, in your tenant.
Because of these limits, it is recommended that you work with your governance experts and security teams to establish a list of tags that are most expressive of governance objects and access managed by Identity Security Cloud.
These are the types of information often expressed in tags:
- Affected departments
- Compliance and regulatory categories
- Remediation urgency levels
- Risk levels
Refer to [Tagging Items in Search](https://documentation.sailpoint.com/saas/help/search/index.html?h=tags#tagging-items-in-search) for more information about tagging objects in Identity Security Cloud.
- name: Task Management
- name: Tenant
description: API for reading tenant details.
- name: Transforms
description: 'Operations for creating, managing, and deleting transforms.'
- name: Triggers
description: |
Event Triggers provide real-time updates to changes in Identity Security Cloud so you can take action as soon as an event occurs, rather than poll an API endpoint for updates. Identity Security Cloud provides a user interface within the admin console to create and manage trigger subscriptions. These endpoints allow for programatically creating and managing trigger subscriptions.
There are two types of event triggers:
* `FIRE_AND_FORGET`: This trigger type will send a payload to each subscriber without needing a response. Each trigger of this type has a limit of **50 subscriptions**.
* `REQUEST_RESPONSE`: This trigger type will send a payload to a subscriber and expect a response back. Each trigger of this type may only have **one subscription**.
## Available Event Triggers
Production ready event triggers that are available in all tenants.
| Name | ID | Type | Trigger condition |
|-|-|-|-|
| [Access Request Dynamic Approval](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-dynamic-approval/) | idn:access-request-dynamic-approver | REQUEST_RESPONSE |After an access request is submitted. Expects the subscriber to respond with the ID of an identity or workgroup to add to the approval workflow. |
| [Access Request Decision](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-decision/) | idn:access-request-post-approval | FIRE_AND_FORGET | After an access request is approved. |
| [Access Request Submitted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-submitted/) | idn:access-request-pre-approval | REQUEST_RESPONSE | After an access request is submitted. Expects the subscriber to respond with an approval decision. |
| [Account Aggregation Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/account-aggregation-completed/) | idn:account-aggregation-completed | FIRE_AND_FORGET | After an account aggregation completed, terminated, failed. |
| Account Attributes Changed | idn:account-attributes-changed | FIRE_AND_FORGET | After an account aggregation, and one or more account attributes have changed. |
| Account Correlated | idn:account-correlated | FIRE_AND_FORGET | After an account is added to an identity. |
| Accounts Collected for Aggregation | idn:aggregation-accounts-collected | FIRE_AND_FORGET | New, changed, and deleted accounts have been gathered during an aggregation and are being processed. |
| Account Uncorrelated | idn:account-uncorrelated | FIRE_AND_FORGET | After an account is removed from an identity. |
| Campaign Activated | idn:campaign-activated | FIRE_AND_FORGET | After a campaign is activated. |
| Campaign Ended | idn:campaign-ended | FIRE_AND_FORGET | After a campaign ends. |
| Campaign Generated | idn:campaign-generated | FIRE_AND_FORGET | After a campaign finishes generating. |
| Certification Signed Off | idn:certification-signed-off | FIRE_AND_FORGET | After a certification is signed off by its reviewer. |
| [Identity Attributes Changed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/account-aggregation-completed/) | idn:identity-attributes-changed | FIRE_AND_FORGET | After One or more identity attributes changed. |
| [Identity Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/identity-created/) | idn:identity-created | FIRE_AND_FORGET | After an identity is created. |
| [Provisioning Action Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/provisioning-completed/) | idn:post-provisioning | FIRE_AND_FORGET | After a provisioning action completed on a source. |
| [Scheduled Search](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/scheduled-search/) | idn:saved-search-complete | FIRE_AND_FORGET | After a scheduled search completed. |
| [Source Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-created/) | idn:source-created | FIRE_AND_FORGET | After a source is created. |
| [Source Deleted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-deleted/) | idn:source-deleted | FIRE_AND_FORGET | After a source is deleted. |
| [Source Updated](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-updated/) | idn:source-updated | FIRE_AND_FORGET | After configuration changes have been made to a source. |
| [VA Cluster Status Change](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/va-cluster-status-change/) | idn:va-cluster-status-change | FIRE_AND_FORGET | After the status of a VA cluster has changed. |
## Early Access Event Triggers
Triggers that are in-development and not ready for production use. Please contact support to enable these triggers in your tenant.
| Name | ID | Type | Trigger condition |
|-|-|-|-|
| [Identity Deleted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/identity-deleted/) | idn:identity-deleted | FIRE_AND_FORGET | After an identity is deleted. |
| [Source Account Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-account-created/) | idn:source-account-created | FIRE_AND_FORGET | After a source account is created. |
| [Source Account Deleted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-account-deleted/) | idn:source-account-deleted | FIRE_AND_FORGET | After a source account is deleted. |
| [Source Account Updated](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-account-updated/) | idn:source-account-updated | FIRE_AND_FORGET | After a source account is changed. |
- name: UI Metadata
description: |-
API for managing UI Metadata. Use this API to manage metadata about your User Interface.
For example you can set the iFrameWhitelist parameter to permit another domain to encapsulate IDN within an iframe or set the usernameEmptyText to change the placeholder text for Username on your tenant's login screen.
- name: Work Items
description: |
Use this API to implement work item functionality.
With this functionality in place, users can manage their work items (tasks).
Work items refer to the tasks users see in Identity Security Cloud's Task Manager.
They can see the pending work items they need to complete, as well as the work items they have already completed.
Task Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created.
For example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp.
Once the user completes the work item, the work item will be listed with his or her other completed work items.
To complete work items, users can use their dashboards and select the 'My Tasks' widget.
The widget will list any work items they need to complete, and they can select the work item from the list to review its details.
When they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items.
Refer to [Task Manager](https://documentation.sailpoint.com/saas/user-help/task_manager.html) for more information about work items, including the different types of work items users may need to complete.
- name: Work Reassignment
description: |
Use this API to implement work reassignment functionality.
Work Reassignment allows access request reviews, certifications, and manual provisioning tasks assigned to a user to be reassigned to a different user. This is primarily used for:
- Temporarily redirecting work for users who are out of office, such as on vacation or sick leave
- Permanently redirecting work for users who should not be assigned these tasks at all, such as senior executives or service identities
Users can define reassignments for themselves, managers can add them for their team members, and administrators can configure them on any user’s behalf. Work assigned during the specified reassignment timeframes will be automatically reassigned to the designated user as it is created.
Refer to [Work Reassignment](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html) for more information about this topic.
- name: Workflows
description: |
Workflows allow administrators to create custom automation scripts directly within Identity Security Cloud. These automation scripts respond to [event triggers](https://developer.sailpoint.com/docs/extensibility/event-triggers/#how-to-get-started-with-event-triggers) and perform a series of actions to perform tasks that are either too cumbersome or not available in the Identity Security Cloud UI. Workflows can be configured via a graphical user interface within Identity Security Cloud, or by creating and uploading a JSON formatted script to the Workflow service. The Workflows API collection provides the necessary functionality to create, manage, and test your workflows via REST.
security:
- UserContextAuth: []
components:
securitySchemes:
UserContextAuth:
type: oauth2
description: |
OAuth2 Bearer token (JWT) generated using either a Personal Access token or through the Authorization Code flow.
See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
- Directions for generating a [personal access token](https://developer.sailpoint.com/docs/api/authentication/#personal-access-tokens)
- Directions using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#client-credentials-grant-flow)
- Directions for using [authorization code flow](https://developer.sailpoint.com/docs/api/authentication/#authorization-code-grant-flow)
Which authentication method should I choose? See the [guide](https://developer.sailpoint.com/docs/api/authentication/#which-oauth-20-grant-flow-should-i-use).
Learn more about how to find your `tokenUrl` and `authorizationUrl` [in the docs](https://developer.sailpoint.com/docs/api/authentication/#find-your-tenants-oauth-details).
flows:
clientCredentials:
tokenUrl: 'https://tenant.api.identitynow.com/oauth/token'
scopes:
'sp:scopes:default': default scope
'sp:scopes:all': access to all scopes
authorizationCode:
authorizationUrl: 'https://tenant.login.sailpoint.com/oauth/authorize'
tokenUrl: 'https://tenant.api.identitynow.com/oauth/token'
scopes:
'sp:scopes:default': default scope
'sp:scopes:all': access to all scopes
ApplicationOnlyAuth:
type: oauth2
description: |
OAuth2 Bearer token (JWT) generated using client credentials flow.
See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
- Directions using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#client-credentials-grant-flow)
Which authentication method should I choose? See the [guide](https://developer.sailpoint.com/docs/api/authentication/#which-oauth-20-grant-flow-should-i-use).
Learn more about how to find your `tokenUrl` and `authorizationUrl` [in the docs](https://developer.sailpoint.com/docs/api/authentication/#find-your-tenants-oauth-details).
flows:
clientCredentials:
tokenUrl: 'https://tenant.api.identitynow.com/oauth/token'
scopes:
'sp:scopes:default': default scope
schemas:
AccountAggregation:
type: object
properties:
start:
type: string
format: date-time
example: '2021-01-31T14:30:05.104Z'
description: When the aggregation started.
status:
type: string
enum:
- STARTED
- ACCOUNTS_COLLECTED
- COMPLETED
- CANCELLED
- RETRIED
- TERMINATED
example: ACCOUNTS_COLLECTED
description: |
STARTED - Aggregation started, but source account iteration has not completed.
ACCOUNTS_COLLECTED - Source account iteration completed, but all accounts have not yet been processed.
COMPLETED - Aggregation completed (*possibly with errors*).
CANCELLED - Aggregation cancelled by user.
RETRIED - Aggregation retried because of connectivity issues with the Virtual Appliance.
TERMINATED - Aggregation marked as failed after 3 tries after connectivity issues with the Virtual Appliance.
totalAccounts:
type: integer
example: 520
description: 'The total number of *NEW, CHANGED and DELETED* accounts that need to be processed for this aggregation. This does not include accounts that were unchanged since the previous aggregation. This can be zero if there were no new, changed or deleted accounts since the previous aggregation. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*'
processedAccounts:
type: integer
example: 150
description: 'The number of *NEW, CHANGED and DELETED* accounts that have been processed so far. This reflects the number of accounts that have been processed at the time of the API call, and may increase on subsequent API calls while the status is ACCOUNTS_COLLECTED. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*'
ApprovalItems:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
nullable: true
description: The account referenced by the approval item
example: john.smith
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
nullable: true
description: The attribute's name
example: emailAddress
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
nullable: true
description: The attribute's value
example: a@b.com
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
slimcampaign:
type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
fullcampaign:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
IdentityProfile:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
required:
- authoritativeSource
properties:
description:
type: string
nullable: true
description: The description of the Identity Profile.
example: My custom flat file profile
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
description: The authoritative source for this Identity Profile.
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
properties:
enabled:
type: boolean
description: If the profile or mapping is enabled
example: true
default: true
attributeTransforms:
type: array
items:
type: object
properties:
identityAttributeName:
type: string
description: Name of the identity attribute
example: email
transformDefinition:
description: The seaspray transformation definition
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
nullable: true
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result
example: 2c918086795cd09201795d5f7d7533df
reportName:
type: string
example: My annual report
description: The name of the report
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: true
example: true
ManagedClient:
description: Managed Client
type: object
required:
- clientId
- clusterId
- description
- type
properties:
id:
description: ManagedClient ID
readOnly: true
type: string
example: aClientId
alertKey:
description: ManagedClient alert key
readOnly: true
type: string
example: anAlertKey
apiGatewayBaseUrl:
description: ManagedClient gateway base url
readOnly: true
type: string
example: 'https://denali-xxx.api.cloud.sailpoint.com'
ccId:
description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!)
type: integer
format: int64
example: 2248
clientId:
description: The client ID used in API management
type: string
example: aClientApiId
clusterId:
description: Cluster ID that the ManagedClient is linked to
type: string
example: aClusterId
cookbook:
description: VA cookbook
readOnly: true
type: string
example: va-cookbook-info
description:
description: ManagedClient description
type: string
example: A short description of the ManagedClient
ipAddress:
description: The public IP address of the ManagedClient
readOnly: true
type: string
example: 123.456.78.90
lastSeen:
description: When the ManagedClient was last seen by the server
readOnly: true
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
name:
description: ManagedClient name
type: string
example: aName
sinceLastSeen:
description: Milliseconds since the ManagedClient has polled the server
readOnly: true
type: string
example: 15000
status:
description: Status of the ManagedClient
readOnly: true
allOf:
- type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
type:
description: 'Type of the ManagedClient (VA, CCG)'
type: string
example: VA
vaDownloadUrl:
description: ManagedClient VA download URL
readOnly: true
type: string
example: aUrl
vaVersion:
description: Version that the ManagedClient's VA is running
readOnly: true
type: string
example: va-megapod-useast1-610-1621372012
secret:
description: Client's apiKey
type: string
example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381
ManagedClientStatus:
description: Managed Client Status
type: object
required:
- body
- status
- type
- timestamp
properties:
body:
description: ManagedClientStatus body information
type: object
example:
alertKey: ''
id: '5678'
clusterId: '1234'
ccg_etag: ccg_etag123xyz456
ccg_pin: NONE
cookbook_etag: 20210420125956-20210511144538
hostname: megapod-useast1-secret-hostname.sailpoint.com
internal_ip: 127.0.0.1
lastSeen: '1620843964604'
sinceSeen: '14708'
sinceSeenMillis: '14708'
localDev: false
stacktrace: ''
state: null
status: NORMAL
uuid: null
product: idn
va_version: null
platform_version: '2'
os_version: 2345.3.1
os_type: flatcar
hypervisor: unknown
status:
description: status of the Managed Client
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
type:
description: type of the Managed Client
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
timestamp:
description: timestamp on the Client Status update
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
MessageCatalogDto:
type: object
properties:
locale:
type: string
description: The language in which the messages are returned
example: en_US
messages:
type: array
items:
type: object
properties:
key:
type: string
description: The key of the message
example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_LOW
format:
type: string
description: The format of the message
example: '{0,,\"i18n hint: percentage\"}% of identities with the same {1,,\"i18n hint: name of category feature\"} have this access. This information had a low impact on the overall score.'
description: The list of message with their keys and formats
PeerGroupMember:
type: object
properties:
id:
type: string
description: A unique identifier for the peer group member.
type:
type: string
description: The type of the peer group member.
peer_group_id:
type: string
description: The ID of the peer group.
attributes:
type: object
additionalProperties:
type: object
description: 'Arbitrary key-value pairs, belonging to the peer group member.'
RecommendationRequestDto:
type: object
properties:
requests:
type: array
items:
description: List of requests to retrieve recommendations
type: object
properties:
identityId:
type: string
description: The identity ID
example: 2c938083633d259901633d25c68c00fa
item:
type: object
properties:
id:
type: string
description: ID of the access item to retrieve the recommendation for.
example: 2c938083633d259901633d2623ec0375
type:
type: string
example: ENTITLEMENT
description: Access item's type.
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
excludeInterpretations:
type: boolean
description: Exclude interpretations in the response if "true". Return interpretations in the response if this attribute is not specified.
default: 'false'
example: 'false'
includeTranslationMessages:
type: boolean
description: 'When set to true, the calling system uses the translated messages for the specified language'
default: 'false'
example: 'false'
includeDebugInformation:
type: boolean
description: Returns the recommender calculations if set to true
default: 'false'
example: 'true'
prescribeMode:
type: boolean
description: 'When set to true, uses prescribedRulesRecommenderConfig to get identity attributes and peer group threshold instead of standard config.'
default: 'false'
example: 'false'
RecommendationResponseDto:
type: object
properties:
response:
type: array
items:
type: object
properties:
request:
type: object
properties:
identityId:
type: string
description: The identity ID
example: 2c938083633d259901633d25c68c00fa
item:
type: object
properties:
id:
type: string
description: ID of the access item to retrieve the recommendation for.
example: 2c938083633d259901633d2623ec0375
type:
type: string
example: ENTITLEMENT
description: Access item's type.
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
recommendation:
type: string
example: 'YES'
description: 'The recommendation - YES if the access is recommended, NO if not recommended, MAYBE if there is not enough information to make a recommendation, NOT_FOUND if the identity is not found in the system'
enum:
- 'YES'
- 'NO'
- MAYBE
- NOT_FOUND
interpretations:
type: array
items:
type: string
description: 'The list of interpretations explaining the recommendation. The array is empty if includeInterpretations is false or not present in the request. e.g. - [ "Not approved in the last 6 months." ]. Interpretations will be translated using the client''s locale as found in the Accept-Language header. If a translation for the client''s locale cannot be found, the US English translation will be returned.'
example:
- 75% of identities with the same department have this access. This information had a high impact on the overall score.
- 67% of identities with the same peer group have this access. This information had a low impact on the overall score.
- 42% of identities with the same location have this access. This information had a low impact on the overall score.
translationMessages:
type: array
example:
- key: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
- '75'
- department
items:
type: object
properties:
key:
type: string
description: The key of the translation message
example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
type: array
description: The values corresponding to the translation messages
items:
type: string
example:
- '75'
- department
description: 'The list of translation messages, if they have been requested.'
recommenderCalculations:
description: The calcuations performed behind the scenes that provide recommendations to the user.
properties:
identityId:
type: string
description: The ID of the identity
example: 2c91808457d8f3ab0157e3e62cb4213c
entitlementId:
type: string
description: The entitlement ID
example: 2c91809050db617d0150e0bf3215385e
recommendation:
type: string
description: The actual recommendation
example: 'YES'
overallWeightedScore:
type: number
description: The overall weighted score
featureWeightedScores:
type: object
description: The weighted score of each individual feature
additionalProperties:
type: number
threshold:
type: number
description: The configured value against which the overallWeightedScore is compared
identityAttributes:
type: object
description: The values for your configured features
additionalProperties:
type: object
properties:
value:
type: string
featureValues:
description: The feature details
type: object
properties:
feature:
type: string
description: The type of feature
example: department
numerator:
type: integer
format: int32
example: 14
description: The number of identities that have access to the feature
denominator:
type: integer
format: int32
example: 14
description: The number of identities with the corresponding feature
RemediationItems:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
SearchAttributeConfig:
type: object
properties:
name:
type: string
description: Name of the new attribute
example: newMailAttribute
displayName:
type: string
description: The display name of the new attribute
example: New Mail Attribute
applicationAttributes:
type: object
description: Map of application id and their associated attribute.
example:
2c91808b79fd2422017a0b35d30f3968: employeeNumber
2c91808b79fd2422017a0b36008f396b: employeeNumber
WorkItems:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
nullable: true
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
requesterDisplayName:
type: string
nullable: true
description: The displayname of the requester
example: John Smith
ownerId:
type: string
nullable: true
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
type:
type: string
enum:
- Unknown
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyViolation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
approvalItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
nullable: true
description: The account referenced by the approval item
example: john.smith
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
nullable: true
description: The attribute's name
example: emailAddress
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
nullable: true
description: The attribute's value
example: a@b.com
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
name:
type: string
nullable: true
description: The work item name
example: Account Create
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
numItems:
type: integer
nullable: true
description: The number of items in the work item
example: 19
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
form:
type: object
nullable: true
properties:
id:
type: string
nullable: true
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
nullable: true
description: Name of the form
example: AccountSelection Form
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
WorkItemsCount:
type: object
properties:
count:
type: integer
description: The count of work items
example: 29
WorkItemsSummary:
type: object
properties:
open:
type: integer
description: The count of open work items
example: 29
completed:
type: integer
description: The count of completed work items
example: 1
total:
type: integer
description: The count of total work items
example: 30
Form:
type: object
nullable: true
properties:
id:
type: string
nullable: true
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
nullable: true
description: Name of the form
example: AccountSelection Form
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
FormItem:
type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
Section:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
Field:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
displayName:
type: string
description: Display name of the field
example: Field 1
displayType:
type: string
description: Type of the field to display
example: checkbox
required:
type: boolean
description: True if the field is required
allowedValuesList:
type: array
items:
type: object
description: List of allowed values for the field
example:
- Val1Display: null
Val1Value: null
- Val2Display: null
Val2Value: null
value:
type: object
description: Value of the field
AccountUsage:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: integer
format: int64
description: The number of days within the month that the account was active in a source.
example: 10
SourceUsage:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: number
format: float
description: 'The average number of days that accounts were active within this source, for the month.'
example: 10.45
SourceUsageStatus:
type: object
properties:
status:
type: string
description: |-
Source Usage Status. Acceptable values are:
- COMPLETE
- This status means that an activity data source has been setup and usage insights are available for the source.
- INCOMPLETE
- This status means that an activity data source has not been setup and usage insights are not available for the source.
example: COMPLETE
enum:
- COMPLETE
- INCOMPLETE
paths:
/access-model-metadata/attributes:
get:
summary: List Access Model Metadata Attributes
description: Get a list of Access Model Metadata Attributes
tags:
- Access Model Metadata
operationId: listAccessModelMetadataAttribute
security:
- UserContextAuth:
- 'idn:access-model-metadata:read'
parameters:
- in: query
name: filters
schema:
type: string
example: name eq "Privacy"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *eq*
**type**: *eq*
**status**: *eq*
**objectTypes**: *eq*
Supported composite operators: *and*
responses:
'200':
description: OK
content:
application/json:
schema:
type: array
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-model-metadata/attributes/{key}':
get:
summary: Get Access Model Metadata Attribute
description: Get single Access Model Metadata Attribute
tags:
- Access Model Metadata
operationId: getAccessModelMetadataAttribute
security:
- UserContextAuth:
- 'idn:access-model-metadata:read'
parameters:
- name: key
in: path
required: true
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-model-metadata/attributes/{key}/values':
get:
summary: List Access Model Metadata Values
description: Get a list of Access Model Metadata Attribute Values
tags:
- Access Model Metadata
operationId: listAccessModelMetadataAttributeValue
security:
- UserContextAuth:
- 'idn:access-model-metadata:read'
parameters:
- name: key
in: path
required: true
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
responses:
'200':
description: OK
content:
application/json:
schema:
type: array
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-model-metadata/attributes/{key}/values/{value}':
get:
summary: Get Access Model Metadata Value
description: Get single Access Model Metadata Attribute Value
tags:
- Access Model Metadata
operationId: getAccessModelMetadataAttributeValue
security:
- UserContextAuth:
- 'idn:access-model-metadata:read'
parameters:
- name: key
in: path
required: true
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
- name: value
in: path
required: true
schema:
type: string
description: Technical name of the Attribute value.
example: public
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-profiles:
get:
operationId: listAccessProfiles
tags:
- Access Profiles
summary: List Access Profiles
description: |-
Use this API to get a list of access profiles.
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: query
name: for-subadmin
schema:
type: string
description: |-
If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN identity. The value of the parameter is either an identity ID, or the special value **me**, which is shorthand for the calling identity's ID.
A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an identity that is not a subadmin.
example: 8c190e6787aa4ed9a90bd9d5344523fb
required: false
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**requestable**: *eq*
**source.id**: *eq, in*
Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names.
example: name eq "SailPoint Support"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
- in: query
name: for-segment-ids
schema:
type: string
format: comma-separated
description: |-
If present and not empty, additionally filters access profiles to those which are assigned to the segment(s) with the specified IDs.
If segmentation is currently unavailable, specifying this parameter results in an error.
example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d'
required: false
- in: query
name: include-unsegmented
schema:
type: boolean
default: true
description: 'Indicates whether the response list should contain unsegmented access profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.'
example: false
required: false
responses:
'200':
description: List of access profiles.
content:
application/json:
schema:
type: array
items:
type: object
description: Access Profile
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: true
description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.
example: true
owner:
description: Owner of the Access Profile
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: The ID of the Source with with which the Access Profile is associated
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: 'The type of the Source, will always be SOURCE'
example: SOURCE
name:
type: string
description: The display name of the associated Source
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for this object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:read'
- 'idn:access-profile:manage'
post:
operationId: createAccessProfile
tags:
- Access Profiles
summary: Create Access Profile
description: |-
Use this API to create an access profile.
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the access profile's Source.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Access Profile
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: true
description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.
example: true
owner:
description: Owner of the Access Profile
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: The ID of the Source with with which the Access Profile is associated
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: 'The type of the Source, will always be SOURCE'
example: SOURCE
name:
type: string
description: The display name of the associated Source
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for this object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
responses:
'201':
description: Access profile created.
content:
application/json:
schema:
type: object
description: Access Profile
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: true
description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.
example: true
owner:
description: Owner of the Access Profile
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: The ID of the Source with with which the Access Profile is associated
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: 'The type of the Source, will always be SOURCE'
example: SOURCE
name:
type: string
description: The display name of the associated Source
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for this object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:manage'
'/access-profiles/{id}':
get:
operationId: getAccessProfile
tags:
- Access Profiles
summary: Get an Access Profile
description: |-
This API returns an Access Profile by its ID.
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Access Profile
example: 2c9180837ca6693d017ca8d097500149
responses:
'200':
description: An AccessProfile
content:
application/json:
schema:
type: object
description: Access Profile
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: true
description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.
example: true
owner:
description: Owner of the Access Profile
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: The ID of the Source with with which the Access Profile is associated
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: 'The type of the Source, will always be SOURCE'
example: SOURCE
name:
type: string
description: The display name of the associated Source
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for this object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:read'
- 'idn:access-profile:manage'
patch:
operationId: patchAccessProfile
tags:
- Access Profiles
summary: Patch a specified Access Profile
description: |-
This API updates an existing Access Profile. The following fields are patchable:
**name**, **description**, **enabled**, **owner**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**, **entitlements**, **provisioningCriteria**
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer.
> The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
> You can only add or replace **entitlements** that exist on the source that the access profile is attached to. You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source.
parameters:
- name: id
in: path
description: ID of the Access Profile to patch
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Add Entitlements:
description: Add one or more entitlements to the end of the list
value:
- op: add
path: /entitlements
value:
- id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Insert Entitlement:
description: Add an entitlement at the beginning of the entitlement list
value:
- op: add
path: /entitlements/0
value:
id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Replace Entitlements:
description: Replace all entitlements with a new list of entitlements
value:
- op: replace
path: /entitlements
value:
- id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Remove Entitlement:
description: Remove the first entitlement in the list
value:
- op: remove
path: /entitlements/0
required: true
responses:
'200':
description: Responds with the Access Profile as updated.
content:
application/json:
schema:
type: object
description: Access Profile
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: true
description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.
example: true
owner:
description: Owner of the Access Profile
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: The ID of the Source with with which the Access Profile is associated
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: 'The type of the Source, will always be SOURCE'
example: SOURCE
name:
type: string
description: The display name of the associated Source
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for this object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:manage'
delete:
operationId: deleteAccessProfile
tags:
- Access Profiles
summary: Delete the specified Access Profile
description: |-
This API deletes an existing Access Profile.
The Access Profile must not be in use, for example, Access Profile can not be deleted if they belong to an Application, Life Cycle State or a Role. If it is, a 400 error is returned.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, a SOURCE_SUBADMIN token must be able to administer the Source associated with the Access Profile.
parameters:
- name: id
in: path
description: ID of the Access Profile to delete
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Returned when an access profile cannot be deleted as it's being used.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
400.2.1.0 Object in use by another:
description: Returned when an access profile cannot be deleted as it's being used
value:
detailCode: 400.2.1.0 Object in use by another
trackingId: c9c1033c55b84ebc9e93e926dcf8b8b3
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The "testAccessProfile" access profile can't be deleted because it's in use.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:manage'
/access-profiles/bulk-delete:
post:
operationId: deleteAccessProfilesInBulk
summary: Delete Access Profile(s)
tags:
- Access Profiles
description: |-
This endpoint initiates a bulk deletion of one or more access profiles.
When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information.
This endpoint can only bulk delete up to a limit of 50 access profiles per request.
By default, if any of the indicated access profiles are in use, no deletions will be performed and the **inUse** field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated access profiles will be deleted.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this endpoint. In addition, a SOURCE_SUBADMIN can only use this endpoint to delete access profiles associated with sources they're able to administer.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
accessProfileIds:
description: List of IDs of Access Profiles to be deleted.
type: array
items:
type: string
example:
- 2c9180847812e0b1017817051919ecca
- 2c9180887812e0b201781e129f151816
bestEffortOnly:
description: 'If **true**, silently skip over any of the specified Access Profiles if they cannot be deleted because they are in use. If **false**, no deletions will be attempted if any of the Access Profiles are in use.'
type: boolean
example: true
example:
bestEffortOnly: true
accessProfileIds:
- 2c91808876438bb2017668b91919ecca
- 2c91808876438ba801766e129f151816
responses:
'200':
description: 'Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use.'
content:
application/json:
schema:
type: object
properties:
taskId:
type: string
description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status.
example: 2c9180867817ac4d017817c491119a20
pending:
type: array
description: List of IDs of Access Profiles which are pending deletion.
items:
type: string
example:
- 2c91808876438bbb017668c21919ecca
- 2c91808876438bb201766e129f151816
inUse:
type: array
description: List of usages of Access Profiles targeted for deletion.
items:
type: object
properties:
accessProfileId:
type: string
description: ID of the Access Profile that is in use
example: 2c91808876438bbb017668c21919ecca
usedBy:
type: array
description: List of references to objects which are using the indicated Access Profile
items:
type: object
description: Role using the access profile.
properties:
type:
type: string
description: DTO type of role using the access profile.
enum:
- ROLE
example: ROLE
id:
type: string
description: ID of role using the access profile.
example: 2c8180857a9b3da0017aa03418480f9d
name:
type: string
description: Display name of role using the access profile.
example: Manager Role
example:
pending: []
inUse:
- accessProfileId: 2c91808876438ba801766e129f151816
usages:
- type: Role
id: 2c9180887643764201766e9f6e121518
'202':
description: Returned if at least one deletion will be performed.
content:
application/json:
schema:
type: object
properties:
taskId:
type: string
description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status.
example: 2c9180867817ac4d017817c491119a20
pending:
type: array
description: List of IDs of Access Profiles which are pending deletion.
items:
type: string
example:
- 2c91808876438bbb017668c21919ecca
- 2c91808876438bb201766e129f151816
inUse:
type: array
description: List of usages of Access Profiles targeted for deletion.
items:
type: object
properties:
accessProfileId:
type: string
description: ID of the Access Profile that is in use
example: 2c91808876438bbb017668c21919ecca
usedBy:
type: array
description: List of references to objects which are using the indicated Access Profile
items:
type: object
description: Role using the access profile.
properties:
type:
type: string
description: DTO type of role using the access profile.
enum:
- ROLE
example: ROLE
id:
type: string
description: ID of role using the access profile.
example: 2c8180857a9b3da0017aa03418480f9d
name:
type: string
description: Display name of role using the access profile.
example: Manager Role
example:
taskId: 2c91808a7813090a01781412a1119a20
pending:
- 2c91808a7813090a017813fe1919ecca
inUse:
- accessProfileId: 2c91808876438ba801766e129f151816
usages:
- type: Role
id: 2c9180887643764201766e9f6e121518
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:manage'
/access-profiles/bulk-update-requestable:
post:
operationId: updateAccessProfilesInBulk
summary: Update Access Profile(s) requestable field.
tags:
- Access Profiles
description: |-
This API initiates a bulk update of field requestable for one or more Access Profiles.
> If any of the indicated Access Profiles is exists in Organization,then those Access Profiles will be added in **updated**
list of the response.Requestable field of these Access Profiles marked as **true** or **false**.
> If any of the indicated Access Profiles is not does not exists in Organization,then those Access Profiles will be added in **notFound** list of the response. Access Profiles marked as **notFound** will not be updated.
> A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to update Access Profiles which are associated with Sources they are able to administer.
requestBody:
required: true
content:
application/json:
schema:
description: List of Access profiles to be updated.
type: array
items:
type: object
description: Access Profile's basic details.
properties:
id:
type: string
description: Access Profile ID.
example: 464ae7bf-791e-49fd-b746-06a2e4a8
requestable:
type: boolean
description: Access Profile is requestable or not.
example: false
example:
- id: 464ae7bf-791e-49fd-b746-06a2e4a8
requestable: false
required:
- id
- requestable
example:
- id: 464ae7bf-791e-49fd-b746-06a2e4a89635
requestable: false
responses:
'207':
description: List of updated and not updated Access Profiles.
content:
application/json:
schema:
description: Access Profile Bulk update response.
type: array
items:
type: object
properties:
id:
description: Identifier of Access Profile in bulk update request.
type: string
example: 2c7180a46faadee4016fb4e018c20642
requestable:
description: Access Profile requestable or not.
type: boolean
example: false
status:
description: |
The HTTP response status code returned for an individual Access Profile that is requested for update during a bulk update operation.
> 201 - Access profile is updated successfully.
> 404 - Access profile not found.
type: string
example: '201'
description:
description: |
Human readable status description and containing additional context information about success or failures etc.
type: string
example: |
> Access profile is updated successfully.
> Referenced Access profile with Id "2c7180a46faadee4016fb4e018c20642" was not found.
required:
- id
- requestable
- status
example:
- id: 464ae7bf-791e-49fd-b746-06a2e4a8
status: '201'
requestable: false
description: Access Profile updated successfully.
example:
- id: 464ae7bf-791e-49fd-b746-06a2e4a89635
status: '201'
requestable: false
description: Access Profile updated successfully.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'412':
description: Precondition Failed - Returned in response if API/Feature not enabled for an organization.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' API/Feature not enabled for your organization.'
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:manage'
'/access-profiles/{id}/entitlements':
get:
operationId: getAccessProfileEntitlements
tags:
- Access Profiles
summary: List Access Profile's Entitlements
description: |-
Use this API to get a list of an access profile's entitlements.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token with SOURCE_SUBADMIN authority must have access to the source associated with the specified access profile.
parameters:
- name: id
in: path
description: ID of the access profile containing the entitlements.
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**attribute**: *eq, sw*
**value**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**source.id**: *eq, in*
Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names.
example: attribute eq "memberOf"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, attribute, value, created, modified**
example: 'name,-modified'
required: false
responses:
'200':
description: List of entitlements.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
attribute:
type: string
description: The entitlement attribute name
example: memberOf
nullable: true
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
privileged:
type: boolean
default: false
description: True if the entitlement is privileged
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: true
description:
type: string
nullable: true
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
requestable:
type: boolean
default: false
description: True if the entitlement is requestable
example: true
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
nullable: true
owner:
allOf:
- type: object
description: Simplified DTO for the owner object of the entitlement
properties:
id:
type: string
description: The owner id for the entitlement
example: 2a2fdacca5e345f18bf7970cfbb8fec2
name:
type: string
description: The owner name for the entitlement
example: identity 1
type:
type: string
enum:
- IDENTITY
description: The type of the owner. Initially only type IDENTITY is supported
example: IDENTITY
- nullable: true
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
manuallyUpdatedFields:
allOf:
- type: object
properties:
DISPLAY_NAME:
type: boolean
default: false
description: |-
True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `name` property.
example: true
DESCRIPTION:
type: boolean
default: false
description: |-
True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `description` property.
example: true
- nullable: true
description: 'Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.'
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
allOf:
- type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
- nullable: true
description: Access Model Metadata (beta).
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:read'
- 'idn:access-profile:manage'
/access-requests:
post:
operationId: createAccessRequest
security:
- UserContextAuth:
- 'idn:access-request:manage'
summary: Submit Access Request
tags:
- Access Requests
description: |
Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.
Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request
has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn't return an error
if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.
It's best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can
be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also
use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting
an access request to ensure that you aren't requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.
These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.
There are two types of access request:
__GRANT_ACCESS__
* Can be requested for multiple identities in a single request.
* Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.
* Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.
* Roles, access profiles and entitlements can be requested.
* While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.
__REVOKE_ACCESS__
* Can only be requested for a single identity at a time.
* You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.
* Does not support self request. Only manager can request to revoke access for their directly managed employees.
* If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements.
* Roles, access profiles, and entitlements can be requested for revocation.
* Revoke requests for entitlements are limited to 1 entitlement per access request currently.
* You can specify a `removeDate` if the access doesn't already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.
* Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone.
A token with API authority cannot be used to call this endpoint.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
requestedFor:
description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.'
type: array
items:
type: string
example: 2c918084660f45d6016617daa9210584
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
requestedItems:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of the item being requested.
example: ACCESS_PROFILE
id:
type: string
description: 'ID of Role, Access Profile or Entitlement being requested.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: |
Comment provided by requester.
* Comment is required when the request is of type Revoke Access.
example: Requesting access profile for John Doe
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
removeDate:
type: string
description: |
The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date.
* Specify a date in the future.
* The current SLA for the deprovisioning is 24 hours.
* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
format: date-time
example: '2020-07-11T21:23:15.000Z'
required:
- id
- type
minItems: 1
maxItems: 25
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.
required:
- requestedFor
- requestedItems
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-requests/cancel:
post:
operationId: cancelAccessRequest
security:
- UserContextAuth:
- 'idn:access-request:cancel'
tags:
- Access Requests
summary: Cancel Access Request
description: |-
This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step.
Any token with ORG_ADMIN authority or token of the user who originally requested the access request is required to cancel it.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Request body payload for cancel access request endpoint.
required:
- accountActivityId
- comment
properties:
accountActivityId:
type: string
description: 'This refers to the identityRequestId. To successfully cancel an access request, you must provide the identityRequestId.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: Reason for cancelling the pending access request.
example: I requested this role by mistake.
example:
accountActivityId: 2c91808568c529c60168cca6f90c1313
comment: I requested this role by mistake.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-requests/close:
post:
operationId: closeAccessRequest
tags:
- Access Requests
summary: Close Access Request
description: |
This endpoint closes access requests that are stuck in a pending state. It can be used throughout a request's lifecycle even after the approval state, unlike the [Cancel Access Request endpoint](https://developer.sailpoint.com/idn/api/v3/cancel-access-request/). A token with ORG_ADMIN authority is required.
To find pending access requests with the UI, navigate to Search and use this query: status: Pending AND "Access Request". Use the Column Chooser to select 'Tracking Number', and use the 'Download' button to export a CSV containing the tracking numbers.
To find pending access requests with the API, use the [List Account Activities endpoint](https://developer.sailpoint.com/idn/api/v3/list-account-activities/).
Input the IDs from either source.
To track the status of endpoint requests, navigate to Search and use this query: name:"Close Identity Requests". Search will include "Close Identity Requests Started" audits when requests are initiated and "Close Identity Requests Completed" audits when requests are completed. The completion audit will list the identity request IDs that finished in error.
This API triggers the [Provisioning Completed event trigger](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/provisioning-completed/) for each access request that is closed.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Request body payload for close access requests endpoint.
required:
- accessRequestIds
properties:
accessRequestIds:
type: array
description: Access Request IDs for the requests to be closed. Accepts 1-500 Identity Request IDs per request.
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
message:
type: string
description: Reason for closing the access request. Displayed under Warnings in IdentityNow.
default: The IdentityNow Administrator manually closed this request.
example: The IdentityNow Administrator manually closed this request.
executionStatus:
type: string
enum:
- Terminated
- Completed
description: The request's provisioning status. Displayed as Stage in IdentityNow.
default: Terminated
example: Terminated
completionStatus:
type: string
enum:
- Success
- Incomplete
- Failure
description: The request's overall status. Displayed as Status in IdentityNow.
default: Failure
example: Failure
example:
accessRequestIds:
- 2c90ad2a70ace7d50170acf22ca90010
executionStatus: Terminated
completionStatus: Failure
message: The IdentityNow Administrator manually closed this request.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-config:
get:
operationId: getAccessRequestConfig
security:
- UserContextAuth:
- 'idn:access-request-config:read'
summary: Get Access Request Configuration
tags:
- Access Requests
description: This endpoint returns the current access-request configuration.
responses:
'200':
description: Access Request Configuration Details.
content:
application/json:
schema:
type: object
properties:
approvalsMustBeExternal:
type: boolean
description: 'If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn''t an org admin.'
default: false
example: true
autoApprovalEnabled:
type: boolean
description: 'If this is true and the requester and reviewer are the same, the request is automatically approved.'
default: false
example: true
requestOnBehalfOfConfig:
description: Request On Behalf Of configuration.
type: object
properties:
allowRequestOnBehalfOfAnyoneByAnyone:
type: boolean
description: 'If this is true, anyone can request access for anyone.'
default: false
example: true
allowRequestOnBehalfOfEmployeeByManager:
type: boolean
description: 'If this is true, a manager can request access for his or her direct reports.'
default: false
example: true
approvalReminderAndEscalationConfig:
description: Approval reminder and escalation configuration.
type: object
properties:
daysUntilEscalation:
type: integer
description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
format: int32
example: 0
nullable: true
daysBetweenReminders:
type: integer
description: Number of days to wait between reminder notifications.
format: int32
example: 0
nullable: true
maxReminders:
type: integer
description: Maximum number of reminder notification to send to the reviewer before approval escalation.
format: int32
minimum: 1
example: 1
nullable: true
fallbackApproverRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
entitlementRequestConfig:
description: Entitlement request configuration.
type: object
properties:
allowEntitlementRequest:
type: boolean
description: 'If this is true, entitlement requests are allowed.'
default: false
example: true
requestCommentsRequired:
type: boolean
description: 'If this is true, comments are required to submit entitlement requests.'
default: false
example: false
deniedCommentsRequired:
type: boolean
description: 'If this is true, comments are required to reject entitlement requests.'
default: false
example: false
grantRequestApprovalSchemes:
type: string
description: |
Approval schemes for granting entitlement request. This can be empty if no approval is needed.
Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}".
You can use multiple governance groups (workgroups).
default: sourceOwner
nullable: true
example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setAccessRequestConfig
security:
- UserContextAuth:
- 'idn:access-request-config:update'
summary: Update Access Request Configuration
tags:
- Access Requests
description: |-
This endpoint replaces the current access-request configuration.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
approvalsMustBeExternal:
type: boolean
description: 'If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn''t an org admin.'
default: false
example: true
autoApprovalEnabled:
type: boolean
description: 'If this is true and the requester and reviewer are the same, the request is automatically approved.'
default: false
example: true
requestOnBehalfOfConfig:
description: Request On Behalf Of configuration.
type: object
properties:
allowRequestOnBehalfOfAnyoneByAnyone:
type: boolean
description: 'If this is true, anyone can request access for anyone.'
default: false
example: true
allowRequestOnBehalfOfEmployeeByManager:
type: boolean
description: 'If this is true, a manager can request access for his or her direct reports.'
default: false
example: true
approvalReminderAndEscalationConfig:
description: Approval reminder and escalation configuration.
type: object
properties:
daysUntilEscalation:
type: integer
description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
format: int32
example: 0
nullable: true
daysBetweenReminders:
type: integer
description: Number of days to wait between reminder notifications.
format: int32
example: 0
nullable: true
maxReminders:
type: integer
description: Maximum number of reminder notification to send to the reviewer before approval escalation.
format: int32
minimum: 1
example: 1
nullable: true
fallbackApproverRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
entitlementRequestConfig:
description: Entitlement request configuration.
type: object
properties:
allowEntitlementRequest:
type: boolean
description: 'If this is true, entitlement requests are allowed.'
default: false
example: true
requestCommentsRequired:
type: boolean
description: 'If this is true, comments are required to submit entitlement requests.'
default: false
example: false
deniedCommentsRequired:
type: boolean
description: 'If this is true, comments are required to reject entitlement requests.'
default: false
example: false
grantRequestApprovalSchemes:
type: string
description: |
Approval schemes for granting entitlement request. This can be empty if no approval is needed.
Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}".
You can use multiple governance groups (workgroups).
default: sourceOwner
nullable: true
example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584'
responses:
'200':
description: Access Request Configuration Details.
content:
application/json:
schema:
type: object
properties:
approvalsMustBeExternal:
type: boolean
description: 'If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn''t an org admin.'
default: false
example: true
autoApprovalEnabled:
type: boolean
description: 'If this is true and the requester and reviewer are the same, the request is automatically approved.'
default: false
example: true
requestOnBehalfOfConfig:
description: Request On Behalf Of configuration.
type: object
properties:
allowRequestOnBehalfOfAnyoneByAnyone:
type: boolean
description: 'If this is true, anyone can request access for anyone.'
default: false
example: true
allowRequestOnBehalfOfEmployeeByManager:
type: boolean
description: 'If this is true, a manager can request access for his or her direct reports.'
default: false
example: true
approvalReminderAndEscalationConfig:
description: Approval reminder and escalation configuration.
type: object
properties:
daysUntilEscalation:
type: integer
description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
format: int32
example: 0
nullable: true
daysBetweenReminders:
type: integer
description: Number of days to wait between reminder notifications.
format: int32
example: 0
nullable: true
maxReminders:
type: integer
description: Maximum number of reminder notification to send to the reviewer before approval escalation.
format: int32
minimum: 1
example: 1
nullable: true
fallbackApproverRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
entitlementRequestConfig:
description: Entitlement request configuration.
type: object
properties:
allowEntitlementRequest:
type: boolean
description: 'If this is true, entitlement requests are allowed.'
default: false
example: true
requestCommentsRequired:
type: boolean
description: 'If this is true, comments are required to submit entitlement requests.'
default: false
example: false
deniedCommentsRequired:
type: boolean
description: 'If this is true, comments are required to reject entitlement requests.'
default: false
example: false
grantRequestApprovalSchemes:
type: string
description: |
Approval schemes for granting entitlement request. This can be empty if no approval is needed.
Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}".
You can use multiple governance groups (workgroups).
default: sourceOwner
nullable: true
example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-status:
get:
operationId: listAccessRequestStatus
security:
- UserContextAuth:
- 'idn:access-request-status:read'
tags:
- Access Requests
summary: Access Request Status
description: |-
Use this API to return a list of access request statuses based on the specified query parameters.
If an access request was made for access that an identity already has, the API ignores the access request. These ignored requests do not display in the list of access request statuses.
Any token with any authority can request their own status. A token with ORG_ADMIN authority is required to call this API to get a list of statuses for other users.
parameters:
- in: query
name: requested-for
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the identity the requests were made for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
- in: query
name: requested-by
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the identity twho made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
- in: query
name: regarding-identity
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the specified identity who is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
required: false
- in: query
name: assigned-to
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the specified identity who is the owner of the Identity Request Work Item. *me* indicates the current user.
required: false
- in: query
name: count
description: 'If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored.'
required: false
schema:
type: boolean
default: false
example: false
- in: query
name: limit
description: Max number of results to return.
required: false
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
example: 100
- in: query
name: offset
description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.
required: false
schema:
type: integer
format: int32
minimum: 0
example: 10
- in: query
name: filters
schema:
type: string
example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified, accountActivityItemId, name**
example: created
required: false
responses:
'200':
description: List of requested item statuses.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: Human-readable display name of the item being requested.
example: AccessProfile1
nullable: true
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
- null
description: Type of requested object.
example: ACCESS_PROFILE
nullable: true
cancelledRequestDetails:
allOf:
- type: object
properties:
comment:
type: string
description: Comment made by the owner when cancelling the associated request.
example: This request must be cancelled.
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
modified:
type: string
format: date-time
description: Date comment was added by the owner when cancelling the associated request.
example: '2019-12-20T09:17:12.192Z'
description: Provides additional details for a request that has been cancelled.
- nullable: true
errorMessages:
type: array
nullable: true
items:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
description: 'List of list of localized error messages, if any, encountered during the approval/provisioning process.'
state:
type: string
enum:
- EXECUTING
- REQUEST_COMPLETED
- CANCELLED
- TERMINATED
- PROVISIONING_VERIFICATION_PENDING
- REJECTED
- PROVISIONING_FAILED
- NOT_ALL_ITEMS_PROVISIONED
- ERROR
description: |-
Indicates the state of an access request:
* EXECUTING: The request is executing, which indicates the system is doing some processing.
* REQUEST_COMPLETED: Indicates the request has been completed.
* CANCELLED: The request was cancelled with no user input.
* TERMINATED: The request has been terminated before it was able to complete.
* PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified.
* REJECTED: The request was rejected.
* PROVISIONING_FAILED: The request has failed to complete.
* NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes.
* ERROR: An error occurred during request processing.
example: EXECUTING
approvalDetails:
type: array
items:
type: object
properties:
forwarded:
type: boolean
default: false
description: True if the request for this item was forwarded from one owner to another.
example: false
originalOwner:
type: object
description: Identity of orginal approval owner.
properties:
type:
type: string
description: DTO type of original approval owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of original approval owner's identity.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of original approval owner.
example: Michael Michaels
currentOwner:
allOf:
- type: object
description: Identity who reviewed the access item request.
properties:
type:
type: string
description: DTO type of identity who reviewed the access item request.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who reviewed the access item request.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Human-readable display name of identity who reviewed the access item request.
example: Allen Albertson
- nullable: true
modified:
type: string
format: date-time
description: Time at which item was modified.
example: '2019-08-23T18:52:57.398Z'
nullable: true
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
- EXPIRED
- CANCELLED
- ARCHIVED
description: |-
Indicates the state of the request processing for this item:
* PENDING: The request for this item is awaiting processing.
* APPROVED: The request for this item has been approved.
* REJECTED: The request for this item was rejected.
* EXPIRED: The request for this item expired with no action taken.
* CANCELLED: The request for this item was cancelled with no user action.
* ARCHIVED: The request for this item has been archived after completion.
example: PENDING
scheme:
type: string
enum:
- APP_OWNER
- SOURCE_OWNER
- MANAGER
- ROLE_OWNER
- ACCESS_PROFILE_OWNER
- ENTITLEMENT_OWNER
- GOVERNANCE_GROUP
description: Describes the individual or group that is responsible for an approval step.
example: MANAGER
errorMessages:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
description: 'If the request failed, includes any error messages that were generated.'
nullable: true
comment:
type: string
description: 'Comment, if any, provided by the approver.'
example: I approve this request
nullable: true
removeDate:
type: string
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
nullable: true
description: Approval details for each item.
manualWorkItemDetails:
type: array
nullable: true
items:
type: object
properties:
forwarded:
type: boolean
default: false
description: True if the request for this item was forwarded from one owner to another.
example: true
originalOwner:
type: object
nullable: true
description: 'Identity of original work item owner, if the work item has been forwarded.'
properties:
type:
type: string
description: DTO type of original work item owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of original work item owner's identity.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of original work item owner.
example: Michael Michaels
currentOwner:
type: object
description: Identity of current work item owner.
nullable: true
properties:
type:
type: string
description: DTO type of current work item owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of current work item owner's identity.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Display name of current work item owner.
example: Allen Albertson
modified:
type: string
format: date-time
description: Time at which item was modified.
example: '2019-08-23T18:52:57.398Z'
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
- EXPIRED
- CANCELLED
- ARCHIVED
description: |-
Indicates the state of the request processing for this item:
* PENDING: The request for this item is awaiting processing.
* APPROVED: The request for this item has been approved.
* REJECTED: The request for this item was rejected.
* EXPIRED: The request for this item expired with no action taken.
* CANCELLED: The request for this item was cancelled with no user action.
* ARCHIVED: The request for this item has been archived after completion.
example: PENDING
forwardHistory:
type: array
nullable: true
items:
type: object
properties:
oldApproverName:
type: string
description: Display name of approver from whom the approval was forwarded.
example: Frank Mir
newApproverName:
type: string
description: Display name of approver to whom the approval was forwarded.
example: Al Volta
comment:
type: string
nullable: true
description: Comment made while forwarding.
example: Forwarding from Frank to Al
modified:
type: string
format: date-time
description: Time at which approval was forwarded.
example: '2019-08-23T18:52:57.398Z'
forwarderName:
type: string
nullable: true
description: Display name of forwarder who forwarded the approval.
example: William Wilson
reassignmentType:
description: |-
The approval reassignment type.
* MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
* AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
* AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html).
* SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval).
example: AUTOMATIC_REASSIGNMENT
type: string
enum:
- MANUAL_REASSIGNMENT
- AUTOMATIC_REASSIGNMENT
- AUTO_ESCALATION
- SELF_REVIEW_DELEGATION
description: The history of approval forward action.
description: Manual work items created for provisioning the item.
accountActivityItemId:
type: string
description: Id of associated account activity item.
example: 2c9180926cbfbddd016cbfc7c3b10010
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
nullable: true
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
requester:
type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
requestedFor:
type: object
description: Identity access was requested for.
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
requesterComment:
allOf:
- type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
- nullable: true
description: The requester's comment.
sodViolationContext:
allOf:
- description: An object referencing a completed SOD violation check
type: object
nullable: true
properties:
state:
type: string
enum:
- SUCCESS
- ERROR
- null
description: The status of SOD violation check
example: SUCCESS
nullable: true
uuid:
description: The id of the Violation check event
type: string
example: f73d16e9-a038-46c5-b217-1246e15fdbdd
nullable: true
violationCheckResult:
description: The inner object representing the completed SOD Violation check
type: object
properties:
message:
description: 'If the request failed, this includes any error message that was generated.'
example:
- locale: en-US
localeOrigin: DEFAULT
text: An error has occurred during the SOD violation check
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
clientMetadata:
type: object
nullable: true
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
violationContexts:
type: array
nullable: true
items:
description: The contextual information of the violated criteria
type: object
properties:
policy:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
conflictingAccessCriteria:
type: object
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
rightCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
violatedPolicies:
type: array
nullable: true
description: A list of the SOD policies that were violated.
items:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
- nullable: true
description: The details of the SOD violations for the associated approval.
provisioningDetails:
allOf:
- type: object
properties:
orderedSubPhaseReferences:
type: string
description: 'Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase.'
example: manualWorkItemDetails
description: Provides additional details about provisioning for this request.
- nullable: true
preApprovalTriggerDetails:
allOf:
- type: object
properties:
comment:
type: string
description: Comment left for the pre-approval decision
example: Access is Approved
reviewer:
type: string
description: The reviewer of the pre-approval decision
example: John Doe
decision:
type: string
enum:
- APPROVED
- REJECTED
description: The decision of the pre-approval trigger
example: APPROVED
description: Provides additional details about the pre-approval trigger for this request.
- nullable: true
accessRequestPhases:
type: array
items:
type: object
properties:
started:
type: string
description: The time that this phase started.
format: date-time
example: '2020-07-11T00:00:00Z'
finished:
type: string
description: The time that this phase finished.
format: date-time
example: '2020-07-12T00:00:00Z'
nullable: true
name:
type: string
description: The name of this phase.
example: APPROVAL_PHASE
state:
type: string
enum:
- PENDING
- EXECUTING
- COMPLETED
- CANCELLED
- NOT_EXECUTED
description: The state of this phase.
example: COMPLETED
result:
type: string
enum:
- SUCCESSFUL
- FAILED
- null
description: The state of this phase.
example: SUCCESSFUL
nullable: true
phaseReference:
type: string
description: 'A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.'
example: approvalDetails
nullable: true
description: Provides additional details about this access request phase.
description: 'A list of Phases that the Access Request has gone through in order, to help determine the status of the request.'
nullable: true
description:
type: string
description: Description associated to the requested object.
example: This is the Engineering role that engineers are granted.
nullable: true
removeDate:
type: string
format: date-time
nullable: true
description: When the role access is scheduled for removal.
example: '2019-10-23T00:00:00.000Z'
cancelable:
type: boolean
default: false
description: True if the request can be canceled.
example: true
accessRequestId:
type: string
description: This is the account activity id.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
example:
key1: value1
key2: value2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-approvals/pending:
get:
operationId: listPendingApprovals
summary: Pending Access Request Approvals List
tags:
- Access Request Approvals
description: This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info.
parameters:
- in: query
name: owner-id
schema:
type: string
description: |-
If present, the value returns only pending approvals for the specified identity.
* ORG_ADMIN users can call this with any identity ID value.
* ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
* Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.
required: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**requestedFor.id**: *eq, in*
**modified**: *gt, lt, ge, le, eq, in*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
responses:
'200':
description: List of Pending Approvals.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The approval id.
name:
type: string
example: Pending approval name
description: The name of the approval.
created:
type: string
format: date-time
description: When the approval was created.
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: When the approval was modified last time.
example: '2018-07-25T20:22:28.104Z'
requestCreated:
type: string
format: date-time
description: When the access-request was created.
example: '2017-07-11T18:45:35.098Z'
requestType:
description: If the access-request was for granting or revoking access.
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
example: GRANT_ACCESS
nullable: true
requester:
type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
requestedFor:
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
owner:
type: object
description: Access item owner's identity.
properties:
type:
type: string
description: Access item owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Access item owner's human-readable display name.
example: Support
requestedObject:
description: The requested access item.
type: object
properties:
id:
type: string
example: 2c938083633d259901633d25c68c00fa
description: Id of the object.
name:
type: string
example: Object Name
description: Name of the object.
description:
type: string
example: Object Description
description: Description of the object.
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Type of the object.
example: ROLE
requesterComment:
description: The requester's comment.
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
previousReviewersComments:
type: array
items:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
description: The history of the previous reviewers comments.
forwardHistory:
type: array
items:
type: object
properties:
oldApproverName:
type: string
description: Display name of approver from whom the approval was forwarded.
example: Frank Mir
newApproverName:
type: string
description: Display name of approver to whom the approval was forwarded.
example: Al Volta
comment:
type: string
nullable: true
description: Comment made while forwarding.
example: Forwarding from Frank to Al
modified:
type: string
format: date-time
description: Time at which approval was forwarded.
example: '2019-08-23T18:52:57.398Z'
forwarderName:
type: string
nullable: true
description: Display name of forwarder who forwarded the approval.
example: William Wilson
reassignmentType:
description: |-
The approval reassignment type.
* MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
* AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
* AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html).
* SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval).
example: AUTOMATIC_REASSIGNMENT
type: string
enum:
- MANUAL_REASSIGNMENT
- AUTOMATIC_REASSIGNMENT
- AUTO_ESCALATION
- SELF_REVIEW_DELEGATION
description: The history of approval forward action.
commentRequiredWhenRejected:
type: boolean
default: false
example: true
description: When true the rejector has to provide comments when rejecting
actionInProcess:
description: 'Action that is performed on this approval, and system has not finished performing that action yet.'
type: string
enum:
- APPROVED
- REJECTED
- FORWARDED
example: APPROVED
removeDate:
type: string
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
removeDateUpdateRequested:
type: boolean
default: false
example: true
description: 'If true, then the request is to change the remove date or sunset date.'
currentRemoveDate:
type: string
description: The remove date or sunset date that was assigned at the time of the request.
format: date-time
example: '2020-07-11T00:00:00Z'
sodViolationContext:
description: The details of the SOD violations for the associated approval.
type: object
nullable: true
properties:
state:
type: string
enum:
- SUCCESS
- ERROR
description: The status of SOD violation check
example: SUCCESS
uuid:
description: The id of the Violation check event
type: string
example: f73d16e9-a038-46c5-b217-1246e15fdbdd
violationCheckResult:
description: The inner object representing the completed SOD Violation check
type: object
properties:
message:
description: 'If the request failed, includes any error message that was generated.'
example:
- locale: en-US
localeOrigin: DEFAULT
text: An error has occurred during the SOD violation check
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
clientMetadata:
type: object
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
violationContexts:
type: array
items:
description: The contextual information of the violated criteria.
type: object
properties:
policy:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
conflictingAccessCriteria:
type: object
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
rightCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
violatedPolicies:
type: array
description: A list of the Policies that were violated.
items:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-approvals/completed:
get:
operationId: listCompletedApprovals
summary: Completed Access Request Approvals List
tags:
- Access Request Approvals
description: This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info.
parameters:
- in: query
name: owner-id
schema:
type: string
description: |-
If present, the value returns only completed approvals for the specified identity.
* ORG_ADMIN users can call this with any identity ID value.
* ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
* Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**requestedFor.id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**modified**: *gt, lt, ge, le, eq, in, ne, sw*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
responses:
'200':
description: List of Completed Approvals.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
example: 2c938083633d259901633d25c68c00fa
description: The approval id.
name:
type: string
example: Approval Name
description: The name of the approval.
created:
type: string
format: date-time
description: When the approval was created.
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: When the approval was modified last time.
example: '2018-07-25T20:22:28.104Z'
requestCreated:
type: string
format: date-time
description: When the access-request was created.
example: '2017-07-11T18:45:35.098Z'
requestType:
description: If the access-request was for granting or revoking access.
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
example: GRANT_ACCESS
nullable: true
requester:
type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
requestedFor:
type: object
description: Identity access was requested for.
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
reviewedBy:
type: object
description: Identity who reviewed the access item request.
properties:
type:
type: string
description: DTO type of identity who reviewed the access item request.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who reviewed the access item request.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Human-readable display name of identity who reviewed the access item request.
example: Allen Albertson
owner:
type: object
description: Access item owner's identity.
properties:
type:
type: string
description: Access item owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Access item owner's human-readable display name.
example: Support
requestedObject:
description: The requested access item.
type: object
properties:
id:
type: string
example: 2c938083633d259901633d25c68c00fa
description: Id of the object.
name:
type: string
example: Object Name
description: Name of the object.
description:
type: string
example: Object Description
description: Description of the object.
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Type of the object.
example: ROLE
requesterComment:
description: The requester's comment.
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
reviewerComment:
allOf:
- type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
author:
type: object
properties:
type:
type: string
description: DTO type of the commenting identity.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the commenting identity.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Display name of the commenting identity.
example: Adam Kennedy
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
type: object
nullable: true
description: The approval's reviewer's comment.
previousReviewersComments:
type: array
items:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
description: The history of the previous reviewers comments.
forwardHistory:
type: array
items:
type: object
properties:
oldApproverName:
type: string
description: Display name of approver from whom the approval was forwarded.
example: Frank Mir
newApproverName:
type: string
description: Display name of approver to whom the approval was forwarded.
example: Al Volta
comment:
type: string
nullable: true
description: Comment made while forwarding.
example: Forwarding from Frank to Al
modified:
type: string
format: date-time
description: Time at which approval was forwarded.
example: '2019-08-23T18:52:57.398Z'
forwarderName:
type: string
nullable: true
description: Display name of forwarder who forwarded the approval.
example: William Wilson
reassignmentType:
description: |-
The approval reassignment type.
* MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
* AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
* AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html).
* SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval).
example: AUTOMATIC_REASSIGNMENT
type: string
enum:
- MANUAL_REASSIGNMENT
- AUTOMATIC_REASSIGNMENT
- AUTO_ESCALATION
- SELF_REVIEW_DELEGATION
description: The history of approval forward action.
commentRequiredWhenRejected:
type: boolean
default: false
example: true
description: When true the rejector has to provide comments when rejecting
state:
description: The final state of the approval
type: string
enum:
- APPROVED
- REJECTED
example: APPROVED
removeDate:
type: string
nullable: true
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
removeDateUpdateRequested:
type: boolean
default: false
example: true
description: 'If true, then the request was to change the remove date or sunset date.'
currentRemoveDate:
type: string
nullable: true
description: The remove date or sunset date that was assigned at the time of the request.
format: date-time
example: '2020-07-11T00:00:00Z'
sodViolationContext:
description: The details of the SOD violations for the associated approval.
type: object
nullable: true
properties:
state:
type: string
enum:
- SUCCESS
- ERROR
description: The status of SOD violation check
example: SUCCESS
uuid:
description: The id of the Violation check event
type: string
example: f73d16e9-a038-46c5-b217-1246e15fdbdd
violationCheckResult:
description: The inner object representing the completed SOD Violation check
type: object
properties:
message:
description: 'If the request failed, includes any error message that was generated.'
example:
- locale: en-US
localeOrigin: DEFAULT
text: An error has occurred during the SOD violation check
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
clientMetadata:
type: object
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
violationContexts:
type: array
items:
description: The contextual information of the violated criteria.
type: object
properties:
policy:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
conflictingAccessCriteria:
type: object
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
rightCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
violatedPolicies:
type: array
description: A list of the Policies that were violated.
items:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
preApprovalTriggerResult:
nullable: true
type: object
description: 'If the access request submitted event trigger is configured and this access request was intercepted by it, then this is the result of the trigger''s decision to either approve or deny the request.'
properties:
comment:
type: string
description: The comment from the trigger
example: This request was autoapproved by our automated ETS subscriber
decision:
description: The approval decision of the trigger
type: string
enum:
- APPROVED
- REJECTED
example: APPROVED
reviewer:
type: string
description: The name of the approver
example: Automated AR Approval
date:
type: string
format: date-time
example: '2022-06-07T19:18:40.748Z'
description: The date and time the trigger decided on the request
clientMetadata:
type: object
additionalProperties:
type: string
description: Arbitrary key-value pairs provided during the request.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAccounts:
type: string
nullable: true
description: Information about the requested accounts
assignmentContext:
type: object
nullable: true
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-request-approvals/{approvalId}/approve':
post:
operationId: approveAccessRequest
summary: Approve Access Request Approval
tags:
- Access Request Approvals
description: Use this endpoint to approve an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.
parameters:
- in: path
name: approvalId
schema:
type: string
required: true
description: Approval ID.
example: 2c91808b7294bea301729568c68c002e
requestBody:
description: Reviewer's comment.
required: true
content:
application/json:
schema:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
author:
type: object
properties:
type:
type: string
description: DTO type of the commenting identity.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the commenting identity.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Display name of the commenting identity.
example: Adam Kennedy
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-request-approvals/{approvalId}/reject':
post:
operationId: rejectAccessRequest
summary: Reject Access Request Approval
tags:
- Access Request Approvals
description: Use this API to reject an access request approval. Only the owner of the approval and admin users are allowed to perform this action.
parameters:
- in: path
name: approvalId
schema:
type: string
required: true
description: Approval ID.
example: 2c91808b7294bea301729568c68c002e
requestBody:
description: Reviewer's comment.
required: true
content:
application/json:
schema:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
author:
type: object
properties:
type:
type: string
description: DTO type of the commenting identity.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the commenting identity.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Display name of the commenting identity.
example: Adam Kennedy
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-request-approvals/{approvalId}/forward':
post:
operationId: forwardAccessRequest
summary: Forward Access Request Approval
tags:
- Access Request Approvals
description: Use this API to forward an access request approval to a new owner. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.
parameters:
- in: path
name: approvalId
schema:
type: string
required: true
description: Approval ID.
example: 2c91808b7294bea301729568c68c002e
requestBody:
description: Information about the forwarded approval.
required: true
content:
application/json:
schema:
type: object
required:
- newOwnerId
- comment
properties:
newOwnerId:
type: string
description: The Id of the new owner
minLength: 1
maxLength: 255
comment:
type: string
description: The comment provided by the forwarder
minLength: 1
maxLength: 255
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-approvals/approval-summary:
get:
operationId: getAccessRequestApprovalSummary
security:
- UserContextAuth:
- 'idn:access-request-approvals-summary:read'
summary: Get Access Requests Approvals Number
tags:
- Access Request Approvals
description: 'Use this API to return the number of pending, approved and rejected access requests approvals. See the "owner-id" query parameter for authorization information.'
parameters:
- in: query
name: owner-id
schema:
type: string
description: |-
The ID of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.
* ORG_ADMIN users can call this with any identity ID value.
* ORG_ADMIN user can also fetch all the approvals in the org, when owner-id is not used.
* Non ORG_ADMIN users can only specify *me* or pass their own identity ID value.
example: 2c91808568c529c60168cca6f90c1313
required: false
- in: query
name: from-date
schema:
type: string
description: This is the date and time the results will be shown from. It must be in a valid ISO-8601 format.
example: 'from-date=2020-03-19T19:59:11Z'
required: false
responses:
'200':
description: 'Number of pending, approved, rejected access request approvals.'
content:
application/json:
schema:
type: object
properties:
pending:
type: integer
description: The number of pending access requests approvals.
approved:
type: integer
description: The number of approved access requests approvals.
rejected:
type: integer
description: The number of rejected access requests approvals.
'400':
description: Client Error - Returned if the query parameter is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/ai-access-request-recommendations:
get:
operationId: getAccessRequestRecommendations
tags:
- IAI Access Request Recommendations
summary: Identity Access Request Recommendations
description: This API returns the access request recommendations for the specified identity. The default identity is *me* which indicates the current user.
parameters:
- in: query
name: identity-id
description: Get access request recommendations for an identityId. *me* indicates the current user.
schema:
type: string
default: me
required: false
example: 2c91808570313110017040b06f344ec9
- in: query
name: limit
description: Max number of results to return.
required: false
schema:
type: integer
minimum: 0
maximum: 15
default: 15
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: include-translation-messages
description: If *true* it will populate a list of translation messages in the response.
schema:
type: boolean
default: false
required: false
example: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.name**: *co*
**access.type**: *eq, in*
**access.description**: *co, eq, in*
example: access.name co "admin"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.name, access.type**
By default the recommendations are sorted by highest confidence first.
responses:
'200':
description: List of access request recommendations for the identityId
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: Identity ID for the recommendation
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
name:
type: string
description: Name of the access item
example: Employee-database-read-write
description:
type: string
description: Description of the access item
example: This item grants an employee read and write access to the database
ignored:
type: boolean
example: true
description: Whether or not the identity has already chosen to ignore this recommendation.
requested:
type: boolean
example: true
description: Whether or not the identity has already chosen to request this recommendation.
viewed:
type: boolean
example: true
description: Whether or not the identity reportedly viewed this recommendation.
messages:
type: array
items:
type: object
properties:
interpretation:
type: string
description: Information about why the access item was recommended.
example: 95% of your peers have this access.
translationMessages:
description: The list of translation messages
type: array
example:
- key: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
- '75'
- department
items:
type: object
properties:
key:
type: string
description: The key of the translation message
example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
type: array
description: The values corresponding to the translation messages
items:
type: string
example:
- '75'
- department
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/ai-access-request-recommendations/ignored-items:
post:
operationId: addAccessRequestRecommendationsIgnoredItem
tags:
- IAI Access Request Recommendations
summary: Notification of Ignored Access Request Recommendations
description: 'This API ignores a recommended access request item. Once an item is ignored, it will be marked as ignored=true if it is still a recommended item. The consumer can decide to hide ignored recommendations.'
requestBody:
description: The recommended access item to ignore for an identity.
required: true
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
required:
- identityId
- access
responses:
'201':
description: Recommendation successfully stored as ignored.
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getAccessRequestRecommendationsIgnoredItems
tags:
- IAI Access Request Recommendations
summary: List of Ignored Access Request Recommendations
description: This API returns the list of ignored access request recommendations.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.id**: *eq, in*
**access.type**: *eq, in*
**identityId**: *eq, in*
example: identityId eq "2c9180846b0a0583016b299f210c1314"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp**
example: access.id
responses:
'200':
description: Returns list of ignored access request recommendations.
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/ai-access-request-recommendations/requested-items:
post:
operationId: addAccessRequestRecommendationsRequestedItem
tags:
- IAI Access Request Recommendations
summary: Notification of Requested Access Request Recommendations
description: 'This API consumes a notification that a recommended access request item was requested. This API does not actually make the request, it is just a notification. This will help provide feedback in order to improve our recommendations.'
requestBody:
description: The recommended access item that was requested for an identity.
required: true
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
required:
- identityId
- access
responses:
'201':
description: Notification successfully acknowledged.
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getAccessRequestRecommendationsRequestedItems
tags:
- IAI Access Request Recommendations
summary: List of Requested Access Request Recommendations
description: This API returns a list of requested access request recommendations.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.id**: *eq, in*
**access.type**: *eq, in*
**identityId**: *eq, in*
example: access.id eq "2c9180846b0a0583016b299f210c1314"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp**
responses:
'200':
description: Returns the list of requested access request recommendations.
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/ai-access-request-recommendations/viewed-items:
post:
operationId: addAccessRequestRecommendationsViewedItem
tags:
- IAI Access Request Recommendations
summary: Notification of Viewed Access Request Recommendations
description: This API consumes a notification that a recommended access request item was viewed. Future recommendations with this item will be marked with viewed=true. This can be useful for the consumer to determine if there are any new/unviewed recommendations.
requestBody:
description: The recommended access that was viewed for an identity.
required: true
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
required:
- identityId
- access
responses:
'201':
description: Recommendation successfully stored as viewed.
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getAccessRequestRecommendationsViewedItems
tags:
- IAI Access Request Recommendations
summary: List of Viewed Access Request Recommendations
description: This API returns the list of viewed access request recommendations.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.id**: *eq, in*
**access.type**: *eq, in*
**identityId**: *eq, in*
example: access.id eq "2c9180846b0a0583016b299f210c1314"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp**
responses:
'200':
description: Returns list of viewed access request recommendations.
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/ai-access-request-recommendations/viewed-items/bulk-create:
post:
operationId: addAccessRequestRecommendationsViewedItems
tags:
- IAI Access Request Recommendations
summary: Notification of Viewed Access Request Recommendations in Bulk
description: This API consumes a notification that a set of recommended access request item were viewed. Future recommendations with these items will be marked with viewed=true. This can be useful for the consumer to determine if there are any new/unviewed recommendations.
requestBody:
description: The recommended access items that were viewed for an identity.
required: true
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
required:
- identityId
- access
responses:
'201':
description: Recommendations successfully stored as viewed.
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/accounts:
get:
operationId: listAccounts
tags:
- Accounts
summary: Accounts List
description: |-
This returns a list of accounts.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts:read'
- 'idn:accounts:manage'
parameters:
- in: query
name: detailLevel
schema:
type: string
enum:
- SLIM
- FULL
description: 'Determines whether Slim, or increased level of detail is provided for each account in the returned list. FULL is the default behavior.'
example: FULL
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: identityId eq "2c9180858082150f0180893dbaf44201"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, sw*
**identityId**: *eq, in, sw*
**name**: *eq, in, sw*
**nativeIdentity**: *eq, in, sw*
**sourceId**: *eq, in, sw*
**uncorrelated**: *eq*
**entitlements**: *eq*
**origin**: *eq, in*
**manuallyCorrelated**: *eq*
**identity.name**: *eq, in, sw*
**identity.correlated**: *eq*
**identity.identityState**: *eq, in*
**source.displayableName**: *eq, in*
**source.authoritative**: *eq*
**source.connectionType**: *eq, in*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'id,name'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, sourceId, identityId, identity.id, nativeIdentity, uuid, manuallyCorrelated, entitlements, origin, identity.name, identity.identityState, identity.correlated, source.displayableName, source.authoritative, source.connectionType**
responses:
'200':
description: List of account objects
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
required:
- sourceId
- sourceName
- attributes
- authoritative
- disabled
- locked
- nativeIdentity
- systemAccount
- uncorrelated
- manuallyCorrelated
- hasEntitlements
properties:
sourceId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the source this account belongs to
sourceName:
type: string
example: Employees
description: The display name of the source this account belongs to
identityId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the identity this account is correlated to
cloudLifecycleState:
type: string
nullable: true
example: active
description: The lifecycle state of the identity this account is correlated to
identityState:
type: string
nullable: true
example: ACTIVE
description: The identity state of the identity this account is correlated to
connectionType:
type: string
example: direct
description: The connection type of the source this account is from
type:
type: string
nullable: true
example: NON_HUMAN
description: The type of the account
attributes:
type: object
nullable: true
additionalProperties: true
description: The account attributes that are aggregated
example:
firstName: SailPoint
lastName: Support
displayName: SailPoint Support
authoritative:
type: boolean
description: Indicates if this account is from an authoritative source
example: false
description:
type: string
description: A description of the account
nullable: true
example: null
disabled:
type: boolean
description: Indicates if the account is currently disabled
example: false
locked:
type: boolean
description: Indicates if the account is currently locked
example: false
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: '552775'
systemAccount:
type: boolean
example: false
description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.'
uncorrelated:
type: boolean
description: Indicates if this account is not correlated to an identity
example: false
uuid:
type: string
description: The unique ID of the account as determined by the account schema
example: slpt.support
nullable: true
manuallyCorrelated:
type: boolean
description: Indicates if the account has been manually correlated to an identity
example: false
hasEntitlements:
type: boolean
description: Indicates if the account has entitlements
example: true
identity:
description: The identity this account is correlated to
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c918084660f45d6016617daa9210584
name:
type: string
description: Human-readable display name of the identity
example: Adam Kennedy
sourceOwner:
description: The owner of the source this account belongs to
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 4c5c8534e99445de98eef6c75e25eb01
name:
type: string
description: Human-readable display name of the identity
example: SailPoint Support
features:
type: string
description: A string list containing the owning source's features
example: ENABLE
nullable: true
origin:
type: string
nullable: true
enum:
- AGGREGATED
- PROVISIONED
- null
description: The origin of the account either aggregated or provisioned
example: AGGREGATED
ownerIdentity:
description: 'The identity who owns this account, typically used for non-human accounts'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c918084660f45d6016617daa9210584
name:
type: string
description: Human-readable display name of the identity
example: Adam Kennedy
ownerGroup:
description: 'The governance group who owns this account, typically used for non-human accounts'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: ID of the governance group
example: 8d3e0094e99445de98eef6c75e25jc04
name:
type: string
description: Human-readable display name of the governance group
example: GovGroup AX17Z
examples:
SlimAccounts:
description: List of slim accounts that would result with *detailLevel = SLIM*
value:
- attributes: null
created: '2021-09-28T02:15:44.644Z'
description: null
disabled: false
features: 'PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE'
hasEntitlements: true
id: 2c9180867c184ff6017c2a2fbf031667
identityId: 2c9180867c184ff6017c2a2fbf031666
locked: false
manuallyCorrelated: false
modified: '2021-09-28T02:16:12.207Z'
name: Geovanni.0a7cad6df
nativeIdentity: 'CN=Geovanni 0a7cad6df,OU=hpun,OU=org-data-service,DC=TestAutomationAD,DC=local'
sourceId: 2c91808b7c28b350017c2a2ec5790aa1
uuid: '{e4218fa4-da52-4bb0-aa41-d2dcc08a7ad8}'
FullAccounts:
description: List of slim accounts that would result with *detailLevel = FULL* or not specifying it
value:
- attributes: null
authoritative: true
created: '2021-09-28T02:15:44.644Z'
description: null
disabled: false
features: 'PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE'
hasEntitlements: true
id: 2c9180867c184ff6017c2a2fbf031667
identityId: 2c9180867c184ff6017c2a2fbf031666
locked: false
manuallyCorrelated: false
modified: '2021-09-28T02:16:12.207Z'
name: Geovanni.0a7cad6df
nativeIdentity: 'CN=Geovanni 0a7cad6df,OU=hpun,OU=org-data-service,DC=TestAutomationAD,DC=local'
sourceId: 2c91808b7c28b350017c2a2ec5790aa1
systemAccount: false
uncorrelated: false
uuid: '{e4218fa4-da52-4bb0-aa41-d2dcc08a7ad8}'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createAccount
tags:
- Accounts
summary: Create Account
description: |-
This API submits an account creation task and returns the task ID.
The `sourceId` where this account will be created must be included in the `attributes` object.
This endpoint creates an account on the source record in your ISC tenant. This is useful for Flat File (`DelimitedFile`) type sources because it allows you to aggregate new accounts without needing to import a new CSV file every time.
However, if you use this endpoint to create an account for a Direct Connection type source, you must ensure that the account also exists on the target source. The endpoint doesn't actually provision the account on the target source, which means that if the account doesn't also exist on the target source, an aggregation between the source and your tenant will remove it from your tenant.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts:manage'
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- attributes
properties:
attributes:
description: The schema attribute values for the account
type: object
required:
- sourceId
properties:
sourceId:
type: string
description: Target source to create an account
example: 34bfcbe116c9407464af37acbaf7a4dc
additionalProperties:
type: string
example:
sourceId: 34bfcbe116c9407464af37acbaf7a4dc
city: Austin
displayName: John Doe
userName: jdoe
sAMAccountName: jDoe
mail: john.doe@sailpoint.com
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}':
get:
operationId: getAccount
tags:
- Accounts
summary: Account Details
description: |-
Use this API to return the details for a single account by its ID.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts:read'
- 'idn:accounts:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Account object.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
required:
- sourceId
- sourceName
- attributes
- authoritative
- disabled
- locked
- nativeIdentity
- systemAccount
- uncorrelated
- manuallyCorrelated
- hasEntitlements
properties:
sourceId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the source this account belongs to
sourceName:
type: string
example: Employees
description: The display name of the source this account belongs to
identityId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the identity this account is correlated to
cloudLifecycleState:
type: string
nullable: true
example: active
description: The lifecycle state of the identity this account is correlated to
identityState:
type: string
nullable: true
example: ACTIVE
description: The identity state of the identity this account is correlated to
connectionType:
type: string
example: direct
description: The connection type of the source this account is from
type:
type: string
nullable: true
example: NON_HUMAN
description: The type of the account
attributes:
type: object
nullable: true
additionalProperties: true
description: The account attributes that are aggregated
example:
firstName: SailPoint
lastName: Support
displayName: SailPoint Support
authoritative:
type: boolean
description: Indicates if this account is from an authoritative source
example: false
description:
type: string
description: A description of the account
nullable: true
example: null
disabled:
type: boolean
description: Indicates if the account is currently disabled
example: false
locked:
type: boolean
description: Indicates if the account is currently locked
example: false
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: '552775'
systemAccount:
type: boolean
example: false
description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.'
uncorrelated:
type: boolean
description: Indicates if this account is not correlated to an identity
example: false
uuid:
type: string
description: The unique ID of the account as determined by the account schema
example: slpt.support
nullable: true
manuallyCorrelated:
type: boolean
description: Indicates if the account has been manually correlated to an identity
example: false
hasEntitlements:
type: boolean
description: Indicates if the account has entitlements
example: true
identity:
description: The identity this account is correlated to
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c918084660f45d6016617daa9210584
name:
type: string
description: Human-readable display name of the identity
example: Adam Kennedy
sourceOwner:
description: The owner of the source this account belongs to
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 4c5c8534e99445de98eef6c75e25eb01
name:
type: string
description: Human-readable display name of the identity
example: SailPoint Support
features:
type: string
description: A string list containing the owning source's features
example: ENABLE
nullable: true
origin:
type: string
nullable: true
enum:
- AGGREGATED
- PROVISIONED
- null
description: The origin of the account either aggregated or provisioned
example: AGGREGATED
ownerIdentity:
description: 'The identity who owns this account, typically used for non-human accounts'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c918084660f45d6016617daa9210584
name:
type: string
description: Human-readable display name of the identity
example: Adam Kennedy
ownerGroup:
description: 'The governance group who owns this account, typically used for non-human accounts'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: ID of the governance group
example: 8d3e0094e99445de98eef6c75e25jc04
name:
type: string
description: Human-readable display name of the governance group
example: GovGroup AX17Z
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateAccount
tags:
- Accounts
summary: Update Account
description: |-
Use this API to update account details. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
This API supports updating an account's correlation. You can modify only the `identityId` and `manuallyCorrelated` fields for any flat file account. To reassign an account from one identity to another, replace the current `identityId` with a new value. If the account you're assigning was provisioned by Identity Security Cloud (ISC), it's possible for ISC to create a new account for the previous identity as soon as the account is moved. If the account you're assigning is authoritative, this causes the previous identity to become uncorrelated and can even result in its deletion. All accounts that are reassigned will be set to `manuallyCorrelated: true` unless you specify otherwise.
>**Note:** The `attributes` field can only be modified for flat file accounts.
security:
- UserContextAuth:
- 'idn:accounts:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
example:
Uncorrelate account:
description: Remove account from Identity
value:
- op: remove
path: /identityId
Reassign account:
description: Move account from one Identity to another Identity
value:
- op: replace
path: /identityId
value: 2c9180857725c14301772a93bb77242d
Add account attribute:
description: Add flat file account's attribute
value:
- op: add
path: /attributes/familyName
value: Smith
Replace account attribute:
description: Replace flat file account's attribute
value:
- op: replace
path: /attributes/familyName
value: Smith
Remove account attribute:
description: Remove flat file account's attribute
value:
- op: remove
path: /attributes/familyName
responses:
'202':
description: Accepted. Update request accepted and is in progress.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putAccount
tags:
- Accounts
summary: Update Account
description: |-
Use this API to update an account with a PUT request.
This endpoint submits an account update task and returns the task ID.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
>**NOTE: You can only use this PUT endpoint to update accounts from sources of the "DelimitedFile" type.**
security:
- UserContextAuth:
- 'idn:accounts:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- attributes
properties:
attributes:
description: The schema attribute values for the account
type: object
example:
city: Austin
displayName: John Doe
userName: jdoe
sAMAccountName: jDoe
mail: john.doe@sailpoint.com
responses:
'202':
description: Async task details.
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteAccount
tags:
- Accounts
summary: Delete Account
description: |-
Use this API to delete an account.
This endpoint submits an account delete task and returns the task ID.
This endpoint only deletes the account from IdentityNow, not the source itself, which can result in the account's returning with the next aggregation between the source and IdentityNow. To avoid this scenario, it is recommended that you [disable accounts](https://developer.sailpoint.com/idn/api/v3/disable-account) rather than delete them. This will also allow you to reenable the accounts in the future.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
>**NOTE:** You can only delete accounts from sources of the "DelimitedFile" type.**
security:
- UserContextAuth:
- 'idn:accounts:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Async task details.
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/entitlements':
get:
operationId: getAccountEntitlements
tags:
- Accounts
summary: Account Entitlements
description: |-
This API returns entitlements of the account.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: An array of account entitlements
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
attribute:
type: string
description: The entitlement attribute name
example: memberOf
nullable: true
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
privileged:
type: boolean
default: false
description: True if the entitlement is privileged
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: true
description:
type: string
nullable: true
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
requestable:
type: boolean
default: false
description: True if the entitlement is requestable
example: true
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
nullable: true
owner:
allOf:
- type: object
description: Simplified DTO for the owner object of the entitlement
properties:
id:
type: string
description: The owner id for the entitlement
example: 2a2fdacca5e345f18bf7970cfbb8fec2
name:
type: string
description: The owner name for the entitlement
example: identity 1
type:
type: string
enum:
- IDENTITY
description: The type of the owner. Initially only type IDENTITY is supported
example: IDENTITY
- nullable: true
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
manuallyUpdatedFields:
allOf:
- type: object
properties:
DISPLAY_NAME:
type: boolean
default: false
description: |-
True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `name` property.
example: true
DESCRIPTION:
type: boolean
default: false
description: |-
True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `description` property.
example: true
- nullable: true
description: 'Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.'
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
allOf:
- type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
- nullable: true
description: Access Model Metadata (beta).
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/reload':
post:
operationId: submitReloadAccount
tags:
- Accounts
summary: Reload Account
description: |-
This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/enable':
post:
operationId: enableAccount
tags:
- Accounts
summary: Enable Account
description: |-
This API submits a task to enable account and returns the task ID.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
description: Request used for account enable/disable
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.'
type: boolean
example: false
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/disable':
post:
operationId: disableAccount
tags:
- Accounts
summary: Disable Account
description: |-
This API submits a task to disable the account and returns the task ID.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
description: Request used for account enable/disable
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.'
type: boolean
example: false
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/unlock':
post:
operationId: unlockAccount
tags:
- Accounts
summary: Unlock Account
description: |-
This API submits a task to unlock an account and returns the task ID.
To use this endpoint to unlock an account that has the `forceProvisioning` option set to true, the `idn:accounts-provisioning:manage` scope is required.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
- 'idn:accounts-provisioning:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account ID.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
description: Request used for account unlock
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
unlockIDNAccount:
description: 'If set, the IDN account is unlocked after the workflow completes.'
type: boolean
example: false
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.'
type: boolean
example: false
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/remove':
post:
operationId: deleteAccountAsync
summary: Remove Account
tags:
- Accounts
description: |
Use this endpoint to remove accounts from the system without provisioning changes to the source. Accounts that are removed could be re-created during the next aggregation.
This endpoint is good for:
* Removing accounts that no longer exist on the source.
* Removing accounts that won't be aggregated following updates to the source configuration.
* Forcing accounts to be re-created following the next aggregation to re-run account processing, support testing, etc.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: c350d6aa4f104c61b062cb632421ad10
responses:
'202':
description: Accepted. Returns task result details of removal request.
content:
application/json:
schema:
type: object
description: Task result.
properties:
type:
type: string
description: Task result DTO type.
enum:
- TASK_RESULT
example: TASK_RESULT
id:
type: string
description: Task result ID.
example: 464ae7bf791e49fdb74606a2e4a89635
name:
type: string
description: Task result display name.
nullable: true
example: null
example:
type: TASK_RESULT
id: 464ae7bf791e49fdb74606a2e4a89635
name: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:account:remove'
'/identities-accounts/{id}/enable':
post:
operationId: enableAccountForIdentity
tags:
- Accounts
summary: Enable IDN Account for Identity
description: This API submits a task to enable IDN account for a single identity.
externalDocs:
description: Learn more about enabling identities here
url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#enabling-user-identities'
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity id.
example: 2c91808384203c2d018437e631158309
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities-accounts/{id}/disable':
post:
operationId: disableAccountForIdentity
tags:
- Accounts
summary: Disable IDN Account for Identity
description: This API submits a task to disable IDN account for a single identity.
externalDocs:
description: Learn more about disabling identities here
url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#disabling-user-identities'
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity id.
example: 2c91808384203c2d018437e631158309
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identities-accounts/enable:
post:
operationId: enableAccountsForIdentities
tags:
- Accounts
summary: Enable IDN Accounts for Identities
description: This API submits tasks to enable IDN account for each identity provided in the request body.
externalDocs:
description: Learn more about enabling identities here
url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#enabling-user-identities'
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identityIds:
description: The ids of the identities for which enable/disable accounts.
type: array
items:
type: string
example:
- 2c91808384203c2d018437e631158308
- 2c9180858082150f0180893dbaf553fe
responses:
'207':
description: Bulk response details.
content:
application/json:
schema:
type: array
items:
type: object
description: Bulk response object.
properties:
id:
type: string
description: Identifier of bulk request item.
example: 2c9180858082150f0180893dbaf553fe
statusCode:
type: integer
format: int32
description: Response status value.
example: 404
message:
type: string
description: Status containing additional context information about failures.
example: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found.
example:
- id: 2c9180858082150f0180893dbaf553fe
statusCode: 404
message: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found.
- id: 2c91808384203c2d018437e631158308
statusCode: 202
message: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identities-accounts/disable:
post:
operationId: disableAccountsForIdentities
tags:
- Accounts
summary: Disable IDN Accounts for Identities
description: This API submits tasks to disable IDN account for each identity provided in the request body.
externalDocs:
description: Learn more about disabling identities here
url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#disabling-user-identities'
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identityIds:
description: The ids of the identities for which enable/disable accounts.
type: array
items:
type: string
example:
- 2c91808384203c2d018437e631158308
- 2c9180858082150f0180893dbaf553fe
responses:
'207':
description: Bulk response details.
content:
application/json:
schema:
type: array
items:
type: object
description: Bulk response object.
properties:
id:
type: string
description: Identifier of bulk request item.
example: 2c9180858082150f0180893dbaf553fe
statusCode:
type: integer
format: int32
description: Response status value.
example: 404
message:
type: string
description: Status containing additional context information about failures.
example: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found.
example:
- id: 2c9180858082150f0180893dbaf553fe
statusCode: 404
message: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found.
- id: 2c91808384203c2d018437e631158308
statusCode: 202
message: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/accounts/search-attribute-config:
post:
operationId: createSearchAttributeConfig
tags:
- Search Attribute Configuration
summary: Configure/create extended search attributes in IdentityNow.
description: |-
This API accepts an attribute name, an attribute display name and a list of name/value pair associates of application IDs to attribute names. It will then validate the inputs and configure/create and attribute promotion configuration in the Link ObjectConfig.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Name of the new attribute
example: newMailAttribute
displayName:
type: string
description: The display name of the new attribute
example: New Mail Attribute
applicationAttributes:
type: object
description: Map of application id and their associated attribute.
example:
2c91808b79fd2422017a0b35d30f3968: employeeNumber
2c91808b79fd2422017a0b36008f396b: employeeNumber
example:
name: newMailAttribute
displayName: New Mail Attribute
applicationAttributes:
2c9180866166b5b0016167c32ef31a66: mail
2c9180866166b5b0016167c32ef31a67: mail
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getSearchAttributeConfig
tags:
- Search Attribute Configuration
summary: Retrieve a list of extended search attributes in IdentityNow.
description: |-
This API retrieves a list of attribute/application associates currently configured in IdentityNow.
A token with ORG_ADMIN authority is required to call this API.
responses:
'200':
description: List of attribute configurations in IdentityNow.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: Name of the new attribute
example: newMailAttribute
displayName:
type: string
description: The display name of the new attribute
example: New Mail Attribute
applicationAttributes:
type: object
description: Map of application id and their associated attribute.
example:
2c91808b79fd2422017a0b35d30f3968: employeeNumber
2c91808b79fd2422017a0b36008f396b: employeeNumber
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/search-attribute-config/{name}':
get:
operationId: getSingleSearchAttributeConfig
tags:
- Search Attribute Configuration
summary: Get the details of a specific extended search attribute in IdentityNow.
description: |-
This API accepts an extended attribute name and retrieves the corresponding extended attribute configuration.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: name
in: path
description: Name of the extended search attribute configuration to delete.
required: true
schema:
type: string
example: newMailAttribute
responses:
'200':
description: Specific attribute configuration in IdentityNow.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: Name of the new attribute
example: newMailAttribute
displayName:
type: string
description: The display name of the new attribute
example: New Mail Attribute
applicationAttributes:
type: object
description: Map of application id and their associated attribute.
example:
2c91808b79fd2422017a0b35d30f3968: employeeNumber
2c91808b79fd2422017a0b36008f396b: employeeNumber
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSearchAttributeConfig
tags:
- Search Attribute Configuration
summary: Delete an extended search attribute in IdentityNow.
description: |-
This API accepts an extended attribute name and deletes the corresponding extended attribute configuration.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: name
in: path
description: Name of the extended search attribute configuration to delete.
required: true
schema:
type: string
example: newMailAttribute
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchSearchAttributeConfig
tags:
- Search Attribute Configuration
summary: Update the details of a specific extended search attribute in IdentityNow.
description: |-
This API updates an existing Search Attribute Configuration. The following fields are patchable:
**name**, **displayName**, **applicationAttributes**
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: name
in: path
description: Name of the Search Attribute Configuration to patch.
required: true
schema:
type: string
example: promotedMailAttribute
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /name
value: newAttributeName
- op: replace
path: /displayName
value: new attribute display name
- op: add
path: /applicationAttributes
value:
2c91808b79fd2422017a0b35d30f3968: employeeNumber
required: true
responses:
'200':
description: Responds with the Search Attribute Configuration as updated.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Name of the new attribute
example: newMailAttribute
displayName:
type: string
description: The display name of the new attribute
example: New Mail Attribute
applicationAttributes:
type: object
description: Map of application id and their associated attribute.
example:
2c91808b79fd2422017a0b35d30f3968: employeeNumber
2c91808b79fd2422017a0b36008f396b: employeeNumber
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/account-activities:
get:
operationId: listAccountActivities
tags:
- Account Activities
summary: List Account Activities
description: This gets a collection of account activities that satisfy the given query parameters.
parameters:
- in: query
name: requested-for
schema:
type: string
description: The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
- in: query
name: requested-by
schema:
type: string
description: The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
- in: query
name: regarding-identity
schema:
type: string
description: The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
required: false
- in: query
name: type
schema:
type: string
description: The type of account activity.
required: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**type**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**created**: *gt, lt, ge, le, eq, in, ne, isnull, sw*
**modified**: *gt, lt, ge, le, eq, in, ne, isnull, sw*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **type, created, modified**
responses:
'200':
description: List of account activities
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the account activity itself
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
example: 2c9180835d2e5168015d32f890ca1581
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
completionStatus:
nullable: true
type: string
description: The status after completion.
enum:
- SUCCESS
- FAILURE
- INCOMPLETE
- PENDING
- null
example: SUCCESS
type:
type: string
nullable: true
example: appRequest
requesterIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
targetIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
errors:
type: array
nullable: true
items:
type: string
example:
- 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.'
warnings:
type: array
nullable: true
items:
type: string
example: null
items:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: Item id
example: 48c545831b264409a81befcabb0e3c5a
name:
type: string
description: Human-readable display name of item
example: 48c545831b264409a81befcabb0e3c5a
requested:
type: string
format: date-time
description: Date and time item was requested
example: '2017-07-11T18:45:37.098Z'
approvalStatus:
allOf:
- type: string
nullable: true
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: PENDING
description: The state of an approval status
- nullable: true
provisioningStatus:
type: string
enum:
- PENDING
- FINISHED
- UNVERIFIABLE
- COMMITED
- FAILED
- RETRY
description: Provisioning state of an account activity item
example: PENDING
requesterComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
reviewerIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
reviewerComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
operation:
allOf:
- type: string
enum:
- ADD
- CREATE
- MODIFY
- DELETE
- DISABLE
- ENABLE
- UNLOCK
- LOCK
- REMOVE
- SET
- null
description: Represents an operation in an account activity item
example: ADD
- nullable: true
attribute:
type: string
description: Attribute to which account activity applies
nullable: true
example: detectedRoles
value:
type: string
description: Value of attribute
nullable: true
example: 'Treasury Analyst [AccessProfile-1529010191212]'
nativeIdentity:
nullable: true
type: string
description: Native identity in the target system to which the account activity applies
example: Sandie.Camero
sourceId:
type: string
description: Id of Source to which account activity applies
example: 2c91808363ef85290164000587130c0c
accountRequestInfo:
type: object
nullable: true
properties:
requestedObjectId:
type: string
description: Id of requested object
example: 2c91808563ef85690164001c31140c0c
requestedObjectName:
type: string
description: Human-readable name of requested object
example: Treasury Analyst
requestedObjectType:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: 'The currently supported requestable object types. '
example: ACCESS_PROFILE
description: 'If an account activity item is associated with an access request, captures details of that request.'
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
example:
customKey1: custom value 1
customKey2: custom value 2
removeDate:
nullable: true
type: string
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
executionStatus:
type: string
description: The current state of execution.
enum:
- EXECUTING
- VERIFYING
- TERMINATED
- COMPLETED
example: COMPLETED
clientMetadata:
type: object
nullable: true
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
cancelable:
type: boolean
description: Whether the account activity can be canceled before completion
cancelComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/account-activities/{id}':
get:
operationId: getAccountActivity
tags:
- Account Activities
summary: Get Account Activity
description: This gets a single account activity by its id.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account activity id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An account activity object
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the account activity itself
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
example: 2c9180835d2e5168015d32f890ca1581
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
completionStatus:
nullable: true
type: string
description: The status after completion.
enum:
- SUCCESS
- FAILURE
- INCOMPLETE
- PENDING
- null
example: SUCCESS
type:
type: string
nullable: true
example: appRequest
requesterIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
targetIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
errors:
type: array
nullable: true
items:
type: string
example:
- 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.'
warnings:
type: array
nullable: true
items:
type: string
example: null
items:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: Item id
example: 48c545831b264409a81befcabb0e3c5a
name:
type: string
description: Human-readable display name of item
example: 48c545831b264409a81befcabb0e3c5a
requested:
type: string
format: date-time
description: Date and time item was requested
example: '2017-07-11T18:45:37.098Z'
approvalStatus:
allOf:
- type: string
nullable: true
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: PENDING
description: The state of an approval status
- nullable: true
provisioningStatus:
type: string
enum:
- PENDING
- FINISHED
- UNVERIFIABLE
- COMMITED
- FAILED
- RETRY
description: Provisioning state of an account activity item
example: PENDING
requesterComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
reviewerIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
reviewerComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
operation:
allOf:
- type: string
enum:
- ADD
- CREATE
- MODIFY
- DELETE
- DISABLE
- ENABLE
- UNLOCK
- LOCK
- REMOVE
- SET
- null
description: Represents an operation in an account activity item
example: ADD
- nullable: true
attribute:
type: string
description: Attribute to which account activity applies
nullable: true
example: detectedRoles
value:
type: string
description: Value of attribute
nullable: true
example: 'Treasury Analyst [AccessProfile-1529010191212]'
nativeIdentity:
nullable: true
type: string
description: Native identity in the target system to which the account activity applies
example: Sandie.Camero
sourceId:
type: string
description: Id of Source to which account activity applies
example: 2c91808363ef85290164000587130c0c
accountRequestInfo:
type: object
nullable: true
properties:
requestedObjectId:
type: string
description: Id of requested object
example: 2c91808563ef85690164001c31140c0c
requestedObjectName:
type: string
description: Human-readable name of requested object
example: Treasury Analyst
requestedObjectType:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: 'The currently supported requestable object types. '
example: ACCESS_PROFILE
description: 'If an account activity item is associated with an access request, captures details of that request.'
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
example:
customKey1: custom value 1
customKey2: custom value 2
removeDate:
nullable: true
type: string
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
executionStatus:
type: string
description: The current state of execution.
enum:
- EXECUTING
- VERIFYING
- TERMINATED
- COMPLETED
example: COMPLETED
clientMetadata:
type: object
nullable: true
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
cancelable:
type: boolean
description: Whether the account activity can be canceled before completion
cancelComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/account-aggregations/{id}/status':
get:
operationId: getAccountAggregationStatus
tags:
- Account Aggregations
summary: In-progress Account Aggregation status
description: |-
This API returns the status of an *in-progress* account aggregation, along with the total number of **NEW**, **CHANGED** and **DELETED** accounts found since the previous aggregation, and the number of those accounts that have been processed so far.
Accounts that have not changed since the previous aggregation are not included in **totalAccounts** and **processedAccounts** counts returned by this API. This is distinct from **Accounts Scanned** shown in the Aggregation UI, which indicates total accounts scanned regardless of whether they changed or not.
Since this endpoint reports on the status of an *in-progress* account aggregation, totalAccounts and processedAccounts may change between calls to this endpoint.
*Only available up to an hour after the aggregation completes. May respond with *404 Not Found* after that.*
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN or DASHBOARD authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account aggregation id
example: 2c91808477a6b0c60177a81146b8110b
responses:
'200':
description: An account aggregation status object
content:
application/json:
schema:
type: object
properties:
start:
type: string
format: date-time
example: '2021-01-31T14:30:05.104Z'
description: When the aggregation started.
status:
type: string
enum:
- STARTED
- ACCOUNTS_COLLECTED
- COMPLETED
- CANCELLED
- RETRIED
- TERMINATED
example: ACCOUNTS_COLLECTED
description: |
STARTED - Aggregation started, but source account iteration has not completed.
ACCOUNTS_COLLECTED - Source account iteration completed, but all accounts have not yet been processed.
COMPLETED - Aggregation completed (*possibly with errors*).
CANCELLED - Aggregation cancelled by user.
RETRIED - Aggregation retried because of connectivity issues with the Virtual Appliance.
TERMINATED - Aggregation marked as failed after 3 tries after connectivity issues with the Virtual Appliance.
totalAccounts:
type: integer
example: 520
description: 'The total number of *NEW, CHANGED and DELETED* accounts that need to be processed for this aggregation. This does not include accounts that were unchanged since the previous aggregation. This can be zero if there were no new, changed or deleted accounts since the previous aggregation. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*'
processedAccounts:
type: integer
example: 150
description: 'The number of *NEW, CHANGED and DELETED* accounts that have been processed so far. This reflects the number of accounts that have been processed at the time of the API call, and may increase on subsequent API calls while the status is ACCOUNTS_COLLECTED. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*'
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/auth-profiles:
get:
operationId: getProfileConfigList
tags:
- Auth Profile
summary: Get list of Auth Profiles.
description: This API returns a list of auth profiles.
security:
- UserContextAuth:
- 'sp:auth-profile:read'
responses:
'200':
description: List of Auth Profiles
content:
application/json:
schema:
type: array
items:
type: object
properties:
tenant:
type: string
description: Tenant name.
example: test-tenant
id:
type: string
description: Identity ID.
example: 2c91808458ae7a4f0158b1bbf8af0628
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/auth-profiles/{id}':
get:
operationId: getProfileConfig
tags:
- Auth Profile
summary: Get Auth Profile.
description: This API returns auth profile information.
security:
- UserContextAuth:
- 'sp:auth-profile:read'
responses:
'200':
description: Auth Profile
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Authentication Profile name.
example: EndToEnd-Profile
offNetwork:
type: boolean
description: Use it to block access from off network.
default: false
example: true
untrustedGeography:
type: boolean
description: Use it to block access from untrusted geoographies.
default: false
example: true
applicationId:
type: string
description: Application ID.
example: 2c91808458ae7a4f0158b1bbf8af0628
applicationName:
type: string
description: Application name.
example: EndToEnd-Source
type:
type: string
enum:
- BLOCK
- MFA
- NON_PTA
- PTA
description: Type of the Authentication Profile.
example: PTA
strongAuthLogin:
type: boolean
description: Use it to enable strong authentication.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchProfileConfig
tags:
- Auth Profile
summary: Patch a specified Auth Profile
description: |-
This API updates an existing Auth Profile. The following fields are patchable:
**offNetwork**, **untrustedGeography**, **applicationId**, **applicationName**, **type**
parameters:
- name: id
in: path
description: ID of the Auth Profile to patch.
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
required: true
responses:
'200':
description: Responds with the Auth Profile as updated.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Authentication Profile name.
example: EndToEnd-Profile
offNetwork:
type: boolean
description: Use it to block access from off network.
default: false
example: true
untrustedGeography:
type: boolean
description: Use it to block access from untrusted geoographies.
default: false
example: true
applicationId:
type: string
description: Application ID.
example: 2c91808458ae7a4f0158b1bbf8af0628
applicationName:
type: string
description: Application name.
example: EndToEnd-Source
type:
type: string
enum:
- BLOCK
- MFA
- NON_PTA
- PTA
description: Type of the Authentication Profile.
example: PTA
strongAuthLogin:
type: boolean
description: Use it to enable strong authentication.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'sp:auth-profile:update'
/campaigns:
get:
operationId: getActiveCampaigns
tags:
- Certification Campaigns
summary: List Campaigns
description: 'Use this API to get a list of campaigns. The API can provide increased level of detail for each campaign for the correct provided query. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/get-active-campaigns). - UserContextAuth: []'
deprecated: true
parameters:
- in: query
name: detail
schema:
type: string
enum:
- SLIM
- FULL
required: false
description: 'Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior.'
example: FULL
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
required: false
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**status**: *eq, in*
example: name eq "Manager Campaign"
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created**
example: name
responses:
'200':
description: 'List of campaign objects. By default, the API returns a list of SLIM campaigns.'
content:
application/json:
schema:
type: array
items:
oneOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
examples:
Slim Campaign:
description: List of Slim Campaigns that would result from not specifying *detail* or specifying SLIM
value:
- id: 2c918086719eec070171a7e3355a360a
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.123Z'
type: MANAGER
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-02T20:29:51.065Z
totalCertifications: 10
completedCertifications: 3
alerts:
- level: ERROR
localizations:
- locale: en
localeOrigin: DEFAULT
text: Composite criterion must have children non-composite criterion must not.
- id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign Info
deadline: 2022-07-26T15:42:44.000Z
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-02T19:00:27.731Z
totalCertifications: 5
completedCertifications: 3
alerts: null
- id: 2c918086719eec070171a7e3355a412b
name: AD Source Review
description: A review of our AD source.
deadline: '2020-12-25T06:00:00.123Z'
type: SOURCE_OWNER
status: STAGED
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-07-25T15:42:18.276Z
totalCertifications: 7
completedCertifications: 3
alerts:
- level: WARN
localizations:
- locale: en
localeOrigin: DEFAULT
text: Composite criterion is in wrong format.
correlatedStatus: CORRELATED
- id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-07-27T17:04:19.027Z
totalCertifications: 1
completedCertifications: 1
alerts: null
Full Campaign:
description: List of Campaigns that would result from specifying *detail* as FULL
value:
- id: 078696a575e045c68d6722ccdb9f101d
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
status: ERROR
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
modified: 2022-08-02T20:29:51.331Z
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Role Composition Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
- id: 1be8fc1103914bf0a4e14e316b6a7b7c
name: Manager Review
description: A review of everyone's access by their manager.
deadline: 2020-12-25T06:00:00.468Z
type: MANAGER
status: STAGED
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
modified: 2022-08-02T19:00:34.391Z
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
sourcesWithOrphanEntitlements: []
mandatoryCommentRequirement: NO_DECISIONS
- id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign for Identities
deadline: 2022-07-26T15:42:44.000Z
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
modified: 2022-07-25T15:42:53.718Z
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: IDENTITY
description: Example of Search Campaign
reviewer:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: null
query: user
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
sourcesWithOrphanEntitlements: []
mandatoryCommentRequirement: NO_DECISIONS
- id: ad3cf3dd50394b1bad646de4bc51b999
name: Source Owner Campaign
description: Example for Source Owner Campaign
deadline: 2022-08-10T17:09:02.000Z
type: SOURCE_OWNER
status: ACTIVE
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
modified: 2022-07-27T17:09:13.925Z
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c91808781fd5aea01821200dc88318e
searchCampaignInfo: null
roleCompositionCampaignInfo: null
sourcesWithOrphanEntitlements: []
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createCampaign
tags:
- Certification Campaigns
summary: Create Campaign
description: 'Use this API to create a certification campaign with the information provided in the request body. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/create-campaign).'
security:
- UserContextAuth:
- 'idn:campaign:create'
deprecated: true
requestBody:
required: true
content:
application/json:
schema:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
examples:
Manager:
value:
name: Manager Review
description: A review of everyone's access by their manager.
deadline: 2020-12-25T06:00:00.468Z
type: MANAGER
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
name: Search Campaign
description: Search Campaign
deadline: 2020-12-25T06:00:00.468Z
type: SEARCH
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
searchCampaignInfo:
type: ACCESS
query: user
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
name: Source Owner
description: Source Owner Info
deadline: 2020-12-25T06:00:00.468Z
type: SOURCE_OWNER
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
sourceOwnerCampaignInfo:
sourceIds:
- 612b31b1a0f04aaf83123bdb80e70db6
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Role Composition:
value:
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
roleIds:
- b15d609fc5c8434b865fe552315fda8f
mandatoryCommentRequirement: NO_DECISIONS
responses:
'200':
description: 'This response indicates that the requested campaign was successfully created, and the API returns its representation.'
content:
application/json:
schema:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
examples:
Manager:
value:
id: 5594f43b76804a6980ece5fdccf74be7
name: Manager Review
description: A review of everyone's access by their manager.
deadline: 2020-12-25T06:00:00.468Z
type: MANAGER
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-02T20:21:18.421Z
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: ec041831cb2147778b594feb9d8db44a
name: Search Campaign
description: Search Campaign
deadline: 2020-12-25T06:00:00.468Z
type: SEARCH
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-03T13:54:34.344Z
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: user
reviewer:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: null
query: user
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: fd7b76ba4ea042de8a9414aa12fc977a
name: Source Owner
description: Source Owner Info
deadline: 2020-12-25T06:00:00.468Z
type: SOURCE_OWNER
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-03T13:34:19.541Z
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
sourceIds:
- 612b31b1a0f04aaf83123bdb80e70db6
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Role Composition:
value:
id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-02T20:30:46.083Z
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Role Composition Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaigns/delete:
post:
operationId: deleteCampaigns
tags:
- Certification Campaigns
summary: Delete Campaigns
description: 'Use this API to delete certification campaigns whose IDs are specified in the provided list of campaign IDs. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/delete-campaigns). Authorized callers must be ORG_ADMINs or CERT_ADMINs.'
deprecated: true
security:
- UserContextAuth:
- 'idn:campaign:delete'
requestBody:
description: IDs of the campaigns to delete.
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: The ids of the campaigns to delete
type: array
items:
type: string
example:
- 2c9180887335cee10173490db1776c26
- 2c9180836a712436016a7125a90c0021
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}':
get:
operationId: getCampaign
tags:
- Certification Campaigns
summary: Get Campaign
description: 'Use this API to get information for an existing certification campaign by the campaign''s ID. Though this endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/get-campaign). Authorized callers must be reviewers for this campaign, ORG_ADMINs, or a CERT_ADMINs.'
deprecated: true
security:
- UserContextAuth: []
parameters:
- in: path
name: id
schema:
type: string
required: true
description: ID of the campaign to be retrieved.
example: 2c91808571bcfcf80171c23e4b4221fc
responses:
'200':
description: Campaign object.
content:
application/json:
schema:
type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
Manager:
value:
id: 2c918086719eec070171a7e3355a360a
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.123Z'
type: MANAGER
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Search:
value:
id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign Info
deadline: 2022-07-26T15:42:44.000Z
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Source Owner:
value:
id: 2c918086719eec070171a7e3355a412b
name: AD Source Review
description: A review of our AD source.
deadline: '2020-12-25T06:00:00.123Z'
type: SOURCE_OWNER
status: STAGED
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
RoleComposition:
value:
id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateCampaign
tags:
- Certification Campaigns
summary: Update a Campaign
description: 'Use this API to update individual fields on a certification campaign, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Though this endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/beta/update-campaign).'
deprecated: true
security:
- UserContextAuth:
- 'idn:campaign:update'
- 'idn:campaign:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: ID of the campaign template being modified.
example: 2c91808571bcfcf80171c23e4b4221fc
requestBody:
required: true
description: |
A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The fields that can be patched differ based on the status of the campaign.
When the campaign is in the *STAGED* status, you can patch these fields:
* name
* description
* recommendationsEnabled
* deadline
* emailNotificationEnabled
* autoRevokeAllowed
When the campaign is in the *ACTIVE* status, you can patch these fields:
* deadline
content:
application/json-patch+json:
schema:
type: array
items:
type: object
example:
- op: replace
path: /name
value: This field has been updated!
- op: copy
from: /name
path: /description
responses:
'200':
description: 'This response indicates that the PATCH operation succeeded, and the API returns the campaign''s new representation.'
content:
application/json:
schema:
type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
Manager:
value:
id: 2c918086719eec070171a7e3355a360a
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.123Z'
type: MANAGER
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Search:
value:
id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign Info
deadline: 2022-07-26T15:42:44.000Z
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Source Owner:
value:
id: 2c918086719eec070171a7e3355a412b
name: AD Source Review
description: A review of our AD source.
deadline: '2020-12-25T06:00:00.123Z'
type: SOURCE_OWNER
status: STAGED
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
RoleComposition:
value:
id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/activate':
post:
operationId: startCampaign
tags:
- Certification Campaigns
summary: Activate a Campaign
description: |-
Use this API to submit a job to activate the certified campaign with the specified ID. The campaign must be staged. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/start-campaign).
Calling this endpoint requires roles of CERT_ADMIN and ORG_ADMIN.
security:
- UserContextAuth:
- 'idn:campaign:update'
deprecated: true
requestBody:
description: 'Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00). Although this can take any timezone, the intended value is the caller''s timezone. The activation time calculated from the given timezone may cause the campaign deadline time to be modified, but it will remain within the original date. The timezone must be in a valid ISO 8601 format.'
required: false
content:
application/json:
schema:
type: object
properties:
timeZone:
type: string
description: 'The timezone must be in a valid ISO 8601 format. Timezones in ISO 8601 are represented as UTC (represented as ''Z'') or as an offset from UTC. The offset format can be +/-hh:mm, +/-hhmm, or +/-hh.'
default: Z
example: '-05:00'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Campaign ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/complete':
post:
operationId: completeCampaign
tags:
- Certification Campaigns
summary: Complete a Campaign
description: |
:::caution
This endpoint will run successfully for any campaigns that are **past due**.
This endpoint will return a content error if the campaign is **not past due**.
:::
Use this API to complete a certification campaign. This functionality is provided to admins so that they
can complete a certification even if all items have not been completed. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/complete-campaign).
Calling this endpoint requires roles of CERT_ADMIN and ORG_ADMIN.
deprecated: true
security:
- UserContextAuth:
- 'idn:campaign:update'
requestBody:
description: 'Optional. Default behavior is for the campaign to auto-approve upon completion, unless autoCompleteAction=REVOKE'
required: false
content:
application/json:
schema:
type: object
properties:
autoCompleteAction:
description: Determines whether to auto-approve(APPROVE) or auto-revoke(REVOKE) upon campaign completion.
type: string
enum:
- APPROVE
- REVOKE
default: APPROVE
example: REVOKE
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Campaign ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/run-remediation-scan':
post:
operationId: startCampaignRemediationScan
tags:
- Certification Campaigns
summary: Run Campaign Remediation Scan
description: |-
Use this API to run a remediation scan task for a certification campaign. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/start-campaign-remediation-scan).
Calling this endpoint requires roles of CERT_ADMIN and ORG_ADMIN.
deprecated: true
security:
- UserContextAuth:
- 'idn:campaign-report:run'
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
description: ID of the campaign the remediation scan is being run for.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/reassign':
post:
security:
- UserContextAuth:
- 'idn:certification:write'
operationId: move
tags:
- Certification Campaigns
summary: Reassign Certifications
description: This API reassigns the specified certifications from one identity to another. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API.
deprecated: true
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification campaign ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
certificationIds:
description: List of certification IDs to reassign
type: array
items:
type: string
minItems: 1
maxItems: 250
example:
- af3859464779471211bb8424a563abc1
- af3859464779471211bb8424a563abc2
- af3859464779471211bb8424a563abc3
reassignTo:
type: object
properties:
id:
type: string
description: The identity ID to which the review is being assigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of the ID provided.
enum:
- IDENTITY
example: IDENTITY
reason:
type: string
description: Comment to explain why the certification was reassigned
example: reassigned for some reason
responses:
'202':
description: The reassign task that has been submitted.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the certification task.
example: 2c918086719eec070171a7e3355a360a
type:
type: string
description: The type of the certification task. More values may be added in the future.
enum:
- REASSIGN
- ADMIN_REASSIGN
- COMPLETE_CERTIFICATION
- FINISH_CERTIFICATION
- COMPLETE_CAMPAIGN
- ACTIVATE_CAMPAIGN
- CAMPAIGN_CREATE
- CAMPAIGN_DELETE
example: ADMIN_REASSIGN
targetType:
type: string
description: The type of item that is being operated on by this task whose ID is stored in the targetId field.
enum:
- CERTIFICATION
- CAMPAIGN
example: CAMPAIGN
targetId:
type: string
description: The ID of the item being operated on by this task.
example: 2c918086719eec070171a7e3355a834c
status:
type: string
description: The status of the task.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
errors:
description: A list of errors that have been encountered by the task.
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
created:
type: string
description: The date and time on which this task was created.
format: date-time
example: '2020-09-24T18:10:47.693Z'
example:
id: 2c918086719eec070171a7e3355a360a
type: ADMIN_REASSIGN
targetType: CAMPAIGN
targetId: 2c918086719eec070171a7e3355a834c
status: QUEUED
errors: []
created: '2020-09-24T18:10:47.693Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/reports':
get:
operationId: getCampaignReports
tags:
- Certification Campaigns
summary: Get Campaign Reports
deprecated: true
description: |-
Use this API to fetch all reports for a certification campaign by campaign ID. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/get-campaign-reports).
Calling this endpoint requires roles of CERT_ADMIN, DASHBOARD, ORG_ADMIN and REPORT_ADMIN.
security:
- UserContextAuth:
- 'idn:campaign-report:read'
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
description: ID of the campaign whose reports are being fetched.
responses:
'200':
description: Array of campaign report objects.
content:
application/json:
schema:
type: array
items:
type: object
title: Campaign Report
required:
- reportType
allOf:
- allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
- type: object
properties:
reportType:
type: string
description: type of a Report
enum:
- CAMPAIGN_COMPOSITION_REPORT
- CAMPAIGN_REMEDIATION_STATUS_REPORT
- CAMPAIGN_STATUS_REPORT
- CERTIFICATION_SIGNOFF_REPORT
example: CAMPAIGN_COMPOSITION_REPORT
lastRunAt:
type: string
readOnly: true
format: date-time
description: The most recent date and time this report was run
example:
type: REPORT_RESULT
id: 2c91808568c529c60168cca6f90c1313
name: Campaign Composition Report
status: SUCCESS
reportType: CAMPAIGN_COMPOSITION_REPORT
lastRunAt: '2019-12-19T13:49:37.385Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/run-report/{type}':
post:
operationId: startCampaignReport
tags:
- Certification Campaigns
summary: Run Campaign Report
deprecated: true
description: |-
Use this API to run a report for a certification campaign. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/start-campaign-report).
Calling this endpoint requires the following roles: CERT_ADMIN, DASHBOARD, ORG_ADMIN and REPORT_ADMIN.
security:
- UserContextAuth:
- 'idn:campaign-report:run'
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
description: ID of the campaign the report is being run for.
- in: path
name: type
schema:
type: string
description: type of a Report
enum:
- CAMPAIGN_COMPOSITION_REPORT
- CAMPAIGN_REMEDIATION_STATUS_REPORT
- CAMPAIGN_STATUS_REPORT
- CERTIFICATION_SIGNOFF_REPORT
example: CAMPAIGN_COMPOSITION_REPORT
required: true
description: Type of report to run.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaigns/reports-configuration:
get:
operationId: getCampaignReportsConfig
tags:
- Certification Campaigns
summary: Get Campaign Reports Configuration
deprecated: true
description: |-
Use this API to fetch the configuration for certification campaign reports. The configuration includes only one element - identity attributes defined as custom report columns. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/get-campaign-reports-config).
Calling this endpoint requires roles of CERT_ADMIN and ORG_ADMIN.
security:
- UserContextAuth:
- 'idn:campaign-reports-config:read'
responses:
'200':
description: Campaign report configuration.
content:
application/json:
schema:
type: object
title: Campaign Reports Configuration
properties:
identityAttributeColumns:
type: array
nullable: true
description: list of identity attribute columns
items:
type: string
example:
- firstname
- lastname
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setCampaignReportsConfig
tags:
- Certification Campaigns
summary: Set Campaign Reports Configuration
deprecated: true
description: |-
Use this API to overwrite the configuration for campaign reports. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/set-campaign-reports-config).
Calling this endpoint requires roles of CERT_ADMIN and ORG_ADMIN.
security:
- UserContextAuth:
- 'idn:campaign-reports-config:write'
requestBody:
required: true
description: Campaign report configuration.
content:
application/json:
schema:
type: object
title: Campaign Reports Configuration
properties:
identityAttributeColumns:
type: array
nullable: true
description: list of identity attribute columns
items:
type: string
example:
- firstname
- lastname
responses:
'200':
description: The persisted campaign report configuration.
content:
application/json:
schema:
type: object
title: Campaign Reports Configuration
properties:
identityAttributeColumns:
type: array
nullable: true
description: list of identity attribute columns
items:
type: string
example:
- firstname
- lastname
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaign-templates:
get:
operationId: getCampaignTemplates
tags:
- Certification Campaigns
summary: List Campaign Templates
description: |-
Use this API to get a list of all campaign templates. Scope can be reduced through standard V3 query params. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/list-campaign-templates).
The endpoint returns all campaign templates matching the query parameters.
deprecated: true
security:
- UserContextAuth:
- 'idn:campaign-template-list:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: name
- in: query
name: filters
schema:
type: string
format: comma-separated
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *eq, ge, gt, in, le, lt, ne, sw*
**id**: *eq, ge, gt, in, le, lt, ne, sw*
example: name eq "manager template"
responses:
'200':
description: List of campaign template objects.
content:
application/json:
schema:
type: array
items:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
readOnly: true
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
description: 'This will hold campaign related information like name, description etc.'
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
example:
- id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: 2022-08-02T19:16:42.632Z
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
- id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: 2022-07-28T19:19:40.035Z
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
- id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: 2022-08-02T13:40:36.857Z
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
- id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: 2022-08-02T13:40:36.857Z
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createCampaignTemplate
tags:
- Certification Campaigns
summary: Create a Campaign Template
description: 'Use this API to create a campaign template based on campaign. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/create-campaign-template).'
security:
- UserContextAuth:
- 'idn:campaign-template:create'
deprecated: true
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
readOnly: true
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
description: 'This will hold campaign related information like name, description etc.'
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
description: 'This creates a template that can be used to generate manager campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Manager Review" (e.g. "2020-03-16 Manager Review").'
value:
name: Manager Review
description: A review of everyone's access by their manager.
deadlineDuration: P2W
campaign:
name: Manager Review
description: Review everyone's access.
type: MANAGER
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
Search:
description: This creates a template that can be used to generate search access campaigns. The campaigns will cover the "reporter" access item for across all identities.
value:
name: Reporting Access Review
description: A review of everyone's access to the reporting system.
deadlineDuration: P2W
campaign:
name: Search Review
description: Review everyone's access to the reporting system.
type: SEARCH
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
searchCampaignInfo:
type: ACCESS
query: '@access(name: ("reporter"))'
description: Identities with reporting abilities
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
description: 'This creates a template that can be used to generate source owner campaigns. The campaigns will have a due date that is one month after their creation date, and will review one source.'
value:
name: AD Source Review
description: A review of our AD source.
deadlineDuration: P1M
campaign:
name: Source Review
description: Review everyone's access.
type: SOURCE_OWNER
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
description: 'This creates a template that can be used to generate role composition campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Role Composition Review" (e.g. "2020-03-16 Role Composition Review").'
value:
name: Role Composition Review
description: 'A review of every role''s access items, by the specified reviewer.'
deadlineDuration: P2W
campaign:
name: Role Composition Review
description: Review all our roles.
type: ROLE_COMPOSITION
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 2c9180876ab2c053016ab6f65dfd5aaa
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
responses:
'200':
description: Created successfully.
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
readOnly: true
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
description: 'This will hold campaign related information like name, description etc.'
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
value:
id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: 2022-08-02T19:16:42.632Z
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: 2022-07-28T19:19:40.035Z
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign Review
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: 2022-08-02T13:40:36.857Z
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: 2022-08-02T13:40:36.857Z
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaign-templates/{id}':
get:
operationId: getCampaignTemplate
tags:
- Certification Campaigns
summary: Get a Campaign Template
description: 'Use this API to fetch a certification campaign template by ID. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/get-campaign-template).'
security:
- UserContextAuth:
- 'idn:campaign-template:read'
deprecated: true
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Requested campaign template's ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Data for the campaign matching the given ID.
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
readOnly: true
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
description: 'This will hold campaign related information like name, description etc.'
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
value:
id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: 2022-08-02T19:16:42.632Z
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: 2022-07-28T19:19:40.035Z
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign Review
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: 2022-08-02T13:40:36.857Z
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: 2022-08-02T13:40:36.857Z
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchCampaignTemplate
tags:
- Certification Campaigns
summary: Update a Campaign Template
description: 'Use this API to update individual fields on a certification campaign template, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/patch-campaign-template).'
deprecated: true
security:
- UserContextAuth:
- 'idn:campaign-template:update'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: ID of the campaign template being modified.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
description: |
A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* deadlineDuration
* campaign (all fields that are allowed during create)
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /description
value: Updated description!
- op: replace
path: /campaign/filter/id
value: ff80818155fe8c080155fe8d925b0316
responses:
'200':
description: 'This response indicates that the PATCH operation succeeded, and the API returns the template''s new representation.'
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
readOnly: true
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
description: 'This will hold campaign related information like name, description etc.'
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
value:
id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: 2022-08-02T19:16:42.632Z
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: 2022-07-28T19:19:40.035Z
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign Review
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: 2022-08-02T13:40:36.857Z
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: 2022-08-02T13:40:36.857Z
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteCampaignTemplate
tags:
- Certification Campaigns
summary: Delete a Campaign Template
description: 'Use this API to delete a certification campaign template by ID. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/delete-campaign-template).'
deprecated: true
security:
- UserContextAuth:
- 'idn:campaign-template:delete'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: ID of the campaign template being deleted.
example: 2c9180835d191a86015d28455b4a2329
responses:
'204':
description: The campaign template was successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaign-templates/{id}/generate':
post:
operationId: startGenerateCampaignTemplate
tags:
- Certification Campaigns
summary: Generate a Campaign from Template
deprecated: true
security:
- UserContextAuth:
- 'idn:campaign-template:run'
description: |-
Use this API to generate a new certification campaign from a campaign template.
The campaign object contained in the template has special formatting applied to its name and description fields that determine the generated campaign's name/description. Placeholders in those fields are formatted with the current date and time upon generation.
Placeholders consist of a percent sign followed by a letter indicating what should be inserted. For example, "%Y" inserts the current year, and a campaign template named "Campaign for %y" generates a campaign called "Campaign for 2020" (assuming the year at generation time is 2020).
Valid placeholders are the date/time conversion suffix characters supported by [java.util.Formatter](https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html).
Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/start-generate-campaign-template).
Calling this endpoint requires the ORG_ADMIN role.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: ID of the campaign template to use for generation.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: 'This response indicates that a campaign was successfully generated from this template, and the API returns a reference to the new campaign.'
content:
application/json:
schema:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaign-templates/{id}/schedule':
get:
operationId: getCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Get Campaign Template Schedule
description: 'Use this API to get the schedule for a certification campaign template. The API returns a 404 if there is no schedule set. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/get-campaign-template-schedule).'
security:
- UserContextAuth:
- 'idn:campaign-template:read'
deprecated: true
parameters:
- in: path
name: id
schema:
type: string
required: true
description: ID of the campaign template whose schedule is being fetched.
example: 04bedce387bd47b2ae1f86eb0bb36dee
responses:
'200':
description: 'Current schedule for the campaign template. See the [Set Campaign Template Schedule endpoint documentation](https://developer.sailpoint.com/docs/api/beta/set-campaign-template-schedule) for more examples.'
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: 'Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have ''hours'' set, but not ''days''; a WEEKLY schedule can have both ''hours'' and ''days'' set.'
enum:
- WEEKLY
- MONTHLY
- ANNUALLY
- CALENDAR
example: WEEKLY
months:
type: object
description: |
Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples:
On February and March:
* type LIST
* values "2", "3"
Every 3 months, starting in January (quarterly):
* type LIST
* values "1"
* interval 3
Every two months between July and December:
* type RANGE
* values "7", "12"
* interval 2
properties:
type:
type: string
description: Enum type to specify months value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the months based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
required:
- type
- values
days:
type: object
description: |
Specifies which day(s) a schedule is active for. This is required for all schedule types.
The "values" field holds different data depending on the type of schedule:
* WEEKLY: days of the week (1-7)
* MONTHLY: days of the month (1-31, L, L-1...)
* ANNUALLY: if the "months" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year ("--12-31")
* CALENDAR: ISO-8601 dates ("2020-12-31")
Note that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided
with ISO-8601 dates without year.
Examples:
On Sundays:
* type LIST
* values "1"
The second to last day of the month:
* type LIST
* values "L-1"
From the 20th to the last day of the month:
* type RANGE
* values "20", "L"
Every March 2nd:
* type LIST
* values "--03-02"
On March 2nd, 2021:
* type: LIST
* values "2021-03-02"
properties:
type:
type: string
description: Enum type to specify days value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
required:
- type
- values
hours:
type: object
description: |
Specifies which hour(s) a schedule is active for. Examples:
Every three hours starting from 8AM, inclusive:
* type LIST
* values "8"
* interval 3
During business hours:
* type RANGE
* values "9", "5"
At 5AM, noon, and 5PM:
* type LIST
* values "5", "12", "17"
properties:
type:
type: string
description: Enum type to specify hours value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
format: int64
example: 2
description: Interval between the cert generations
required:
- type
- values
expiration:
type: string
format: date-time
description: Specifies the time after which this schedule will no longer occur.
example: '2022-09-19 13:55:26'
timeZoneId:
type: string
description: 'The time zone to use when running the schedule. For instance, if the schedule is scheduled to run at 1AM, and this field is set to "CST", the schedule will run at 1AM CST.'
example: CST
required:
- type
- hours
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Set Campaign Template Schedule
description: 'Use this API to set the schedule for a certification campaign template. If a schedule already exists, the API overwrites it with the new one. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/set-campaign-template-schedule).'
security:
- UserContextAuth:
- 'idn:campaign-template:run'
deprecated: true
parameters:
- in: path
name: id
schema:
type: string
required: true
description: ID of the campaign template being scheduled.
example: 04bedce387bd47b2ae1f86eb0bb36dee
requestBody:
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: 'Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have ''hours'' set, but not ''days''; a WEEKLY schedule can have both ''hours'' and ''days'' set.'
enum:
- WEEKLY
- MONTHLY
- ANNUALLY
- CALENDAR
example: WEEKLY
months:
type: object
description: |
Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples:
On February and March:
* type LIST
* values "2", "3"
Every 3 months, starting in January (quarterly):
* type LIST
* values "1"
* interval 3
Every two months between July and December:
* type RANGE
* values "7", "12"
* interval 2
properties:
type:
type: string
description: Enum type to specify months value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the months based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
required:
- type
- values
days:
type: object
description: |
Specifies which day(s) a schedule is active for. This is required for all schedule types.
The "values" field holds different data depending on the type of schedule:
* WEEKLY: days of the week (1-7)
* MONTHLY: days of the month (1-31, L, L-1...)
* ANNUALLY: if the "months" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year ("--12-31")
* CALENDAR: ISO-8601 dates ("2020-12-31")
Note that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided
with ISO-8601 dates without year.
Examples:
On Sundays:
* type LIST
* values "1"
The second to last day of the month:
* type LIST
* values "L-1"
From the 20th to the last day of the month:
* type RANGE
* values "20", "L"
Every March 2nd:
* type LIST
* values "--03-02"
On March 2nd, 2021:
* type: LIST
* values "2021-03-02"
properties:
type:
type: string
description: Enum type to specify days value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
required:
- type
- values
hours:
type: object
description: |
Specifies which hour(s) a schedule is active for. Examples:
Every three hours starting from 8AM, inclusive:
* type LIST
* values "8"
* interval 3
During business hours:
* type RANGE
* values "9", "5"
At 5AM, noon, and 5PM:
* type LIST
* values "5", "12", "17"
properties:
type:
type: string
description: Enum type to specify hours value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
format: int64
example: 2
description: Interval between the cert generations
required:
- type
- values
expiration:
type: string
format: date-time
description: Specifies the time after which this schedule will no longer occur.
example: '2022-09-19 13:55:26'
timeZoneId:
type: string
description: 'The time zone to use when running the schedule. For instance, if the schedule is scheduled to run at 1AM, and this field is set to "CST", the schedule will run at 1AM CST.'
example: CST
required:
- type
- hours
examples:
Monthly:
description: 'Runs on the 15th and last day of the month, at 5PM.'
value:
type: MONTHLY
hours:
type: LIST
values:
- '17'
days:
type: LIST
values:
- '15'
Once a year:
description: Runs every January 1st at midnight.
value:
type: ANNUALLY
hours:
type: LIST
values:
- '0'
days:
type: LIST
values:
- '--01-01'
Quarterly:
description: Runs once a quarter (every 3 months) on the first of the month at 1AM.
value:
type: ANNUALLY
hours:
type: LIST
values:
- '1'
days:
type: LIST
values:
- '1'
months:
type: LIST
values:
- '1'
interval: 3
Yearly on Specific Days:
description: 'Runs on March 12 and December 5 at 1AM, every year.'
value:
type: ANNUALLY
hours:
type: LIST
values:
- '1'
days:
type: LIST
values:
- '--03-12'
- '--12-05'
On a Specific Date:
description: 'Runs at 1AM on February 18th, 2020'
value:
type: CALENDAR
hours:
type: LIST
values:
- '1'
days:
type: LIST
values:
- '2020-02-18'
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Delete Campaign Template Schedule
description: 'Use this API to delete the schedule for a certification campaign template. The API returns a 404 if there is no schedule set. Though this Beta endpoint has been deprecated, you can find its V3 equivalent [here](https://developer.sailpoint.com/docs/api/v3/delete-campaign-template-schedule).'
security:
- UserContextAuth:
- 'idn:campaign-template:run'
deprecated: true
parameters:
- in: path
name: id
schema:
type: string
required: true
description: ID of the campaign template whose schedule is being deleted.
example: 04bedce387bd47b2ae1f86eb0bb36dee
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/reassign-async':
post:
operationId: submitReassignCertsAsync
tags:
- Certifications
summary: Reassign Certifications Asynchronously
description: This API initiates a task to reassign up to 500 identities or items in an identity campaign certification to another reviewer. The `certification-tasks` API can be used to get an updated status on the task and determine when the reassignment is complete. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
deprecated: true
security:
- UserContextAuth:
- 'idn:certification:write'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
reassign:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of item or identity being reassigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of item or identity being reassigned.
enum:
- TARGET_SUMMARY
- ITEM
- IDENTITY_SUMMARY
example: ITEM
required:
- id
- type
reassignTo:
type: string
description: The ID of the identity to which the certification is reassigned
example: ef38f94347e94562b5bb8424a56397d8
reason:
type: string
description: The reason comment for why the reassign was made
example: reassigned for some reason
required:
- reassign
- reassignTo
- reason
responses:
'200':
description: A certification task object for the reassignment which can be queried for status.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The task id
example: abcd-ef12-3456
certificationId:
type: string
description: The certification id
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
enum:
- REASSIGN
status:
type: string
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
errors:
type: array
items:
type: string
description: Any errors executing the task (Optional).
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/tasks/{taskId}':
get:
operationId: getIdentityCertificationTaskStatus
tags:
- Certifications
summary: Certification Task Status
description: This API returns the status of a certification task. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity campaign certification ID
- in: path
name: taskId
schema:
type: string
required: true
description: The certification task ID
responses:
'200':
description: A certification task object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The task id
example: abcd-ef12-3456
certificationId:
type: string
description: The certification id
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
enum:
- REASSIGN
status:
type: string
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
errors:
type: array
items:
type: string
description: Any errors executing the task (Optional).
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/tasks-pending':
get:
operationId: getIdentityCertificationPendingTasks
tags:
- Certifications
summary: Pending Certification Tasks
description: This API returns the status of all pending (`QUEUED` or `IN_PROGRESS`) tasks for an identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity campaign certification ID
responses:
'200':
description: A list of pending (`QUEUED` or `IN_PROGRESS`) certification task objects.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The task id
example: abcd-ef12-3456
certificationId:
type: string
description: The certification id
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
enum:
- REASSIGN
status:
type: string
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
errors:
type: array
items:
type: string
description: Any errors executing the task (Optional).
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{certificationId}/access-review-items/{itemId}/permissions':
get:
operationId: getIdentityCertificationItemPermissions
tags:
- Certifications
summary: Permissions for Entitlement Certification Item
description: This API returns the permissions associated with an entitlement certification item based on the certification item's ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
deprecated: true
security:
- UserContextAuth:
- 'idn:certification:read'
parameters:
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**target**: *eq, sw*
**rights**: *ca*
All field values (second filter operands) are case-insensitive for this API.
Only a single *and* or *or* composite filter operator may be used. It must also be used between a target filter and a rights filter, not between 2 filters for the same field.
For example, the following is valid: `?filters=rights+ca+(%22CREATE%22)+and+target+eq+%22SYS.OBJAUTH2%22`
The following is invalid: `?filters=rights+ca+(%22CREATE%22)+and+rights+ca+(%SELECT%22)`
example: target eq "SYS.OBJAUTH2"
- in: path
name: certificationId
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: itemId
schema:
type: string
required: true
description: The certification item ID
example: 2c91808671bcbab40171bd945d961227
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: A list of permissions associated with the given itemId
content:
application/json:
schema:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/reviewers':
get:
operationId: listCertificationReviewers
tags:
- Certifications
summary: List of Reviewers for certification
description: This API returns a list of reviewers for the certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
security:
- UserContextAuth:
- 'idn:certification:read'
deprecated: true
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**email**: *eq, sw*
example: name eq "Bob"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, email**
example: name
responses:
'200':
description: A list of reviewers
content:
application/json:
schema:
type: array
items:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/connector-rules:
get:
tags:
- Connector Rule Management
operationId: getConnectorRuleList
summary: List Connector Rules
description: |-
Returns the list of connector rules.
A token with ORG_ADMIN authority is required to call this API.
responses:
'200':
description: A list of connector rules
content:
application/json:
schema:
type: array
items:
description: ConnectorRuleResponse
allOf:
- description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
- type: object
nullable: true
required:
- id
- created
properties:
id:
type: string
description: the ID of the rule
example: 8113d48c0b914f17b4c6072d4dcb9dfe
created:
type: string
description: an ISO 8601 UTC timestamp when this rule was created
example: '021-07-22T15:59:23Z'
modified:
type: string
nullable: true
description: an ISO 8601 UTC timestamp when this rule was last modified
example: '021-07-22T15:59:23Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:rule-management-connector:read'
- 'idn:rule-management-connector:manage'
post:
tags:
- Connector Rule Management
operationId: createConnectorRule
summary: Create Connector Rule
description: |-
Creates a new connector rule.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
description: The connector rule to create
content:
application/json:
schema:
description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
responses:
'201':
description: The created connector rule
content:
application/json:
schema:
description: ConnectorRuleResponse
allOf:
- description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
- type: object
nullable: true
required:
- id
- created
properties:
id:
type: string
description: the ID of the rule
example: 8113d48c0b914f17b4c6072d4dcb9dfe
created:
type: string
description: an ISO 8601 UTC timestamp when this rule was created
example: '021-07-22T15:59:23Z'
modified:
type: string
nullable: true
description: an ISO 8601 UTC timestamp when this rule was last modified
example: '021-07-22T15:59:23Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:rule-management-connector:manage'
'/connector-rules/{id}':
get:
tags:
- Connector Rule Management
summary: Connector-Rule by ID
operationId: getConnectorRule
description: |-
Returns the connector rule specified by ID.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: id
in: path
description: ID of the connector rule to retrieve
required: true
style: simple
explode: false
schema:
type: string
example: 8c190e6787aa4ed9a90bd9d5344523fb
responses:
'200':
description: Connector rule with the given ID
content:
application/json:
schema:
description: ConnectorRuleResponse
allOf:
- description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
- type: object
nullable: true
required:
- id
- created
properties:
id:
type: string
description: the ID of the rule
example: 8113d48c0b914f17b4c6072d4dcb9dfe
created:
type: string
description: an ISO 8601 UTC timestamp when this rule was created
example: '021-07-22T15:59:23Z'
modified:
type: string
nullable: true
description: an ISO 8601 UTC timestamp when this rule was last modified
example: '021-07-22T15:59:23Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:rule-management-connector:read'
- 'idn:rule-management-connector:manage'
put:
tags:
- Connector Rule Management
summary: Update a Connector Rule
description: |-
Updates an existing connector rule with the one provided in the request body. Note that the fields 'id', 'name', and 'type' are immutable.
A token with ORG_ADMIN authority is required to call this API.
operationId: updateConnectorRule
parameters:
- name: id
in: path
description: ID of the connector rule to update
required: true
style: simple
explode: false
schema:
type: string
example: 8c190e6787aa4ed9a90bd9d5344523fb
requestBody:
description: The connector rule with updated data
content:
application/json:
schema:
description: ConnectorRuleUpdateRequest
allOf:
- type: object
required:
- id
properties:
id:
type: string
description: the ID of the rule to update
example: 8113d48c0b914f17b4c6072d4dcb9dfe
- description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
responses:
'200':
description: The updated connector rule
content:
application/json:
schema:
description: ConnectorRuleResponse
allOf:
- description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
- type: object
nullable: true
required:
- id
- created
properties:
id:
type: string
description: the ID of the rule
example: 8113d48c0b914f17b4c6072d4dcb9dfe
created:
type: string
description: an ISO 8601 UTC timestamp when this rule was created
example: '021-07-22T15:59:23Z'
modified:
type: string
nullable: true
description: an ISO 8601 UTC timestamp when this rule was last modified
example: '021-07-22T15:59:23Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:rule-management-connector:manage'
delete:
tags:
- Connector Rule Management
summary: Delete a Connector-Rule
description: |-
Deletes the connector rule specified by the given ID.
A token with ORG_ADMIN authority is required to call this API.
operationId: deleteConnectorRule
parameters:
- name: id
in: path
description: ID of the connector rule to delete
required: true
style: simple
explode: false
schema:
type: string
example: 8c190e6787aa4ed9a90bd9d5344523fb
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:rule-management-connector:manage'
/connector-rules/validate:
post:
tags:
- Connector Rule Management
operationId: validateConnectorRule
summary: Validate Connector Rule
description: |-
Returns a list of issues within the code to fix, if any.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
description: The code to validate
content:
application/json:
schema:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
responses:
'200':
description: The status of the code's eligibility as a connector rule
content:
application/json:
schema:
description: ConnectorRuleValidationResponse
type: object
required:
- state
- details
properties:
state:
type: string
enum:
- OK
- ERROR
example: ERROR
details:
type: array
items:
description: CodeErrorDetail
type: object
required:
- line
- column
- message
properties:
line:
type: integer
description: The line number where the issue occurred
example: 2
column:
type: integer
description: the column number where the issue occurred
example: 5
messsage:
type: string
description: a description of the issue in the code
example: Remove reference to .decrypt(
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:rule-management-connector:read'
- 'idn:rule-management-connector:manage'
/connectors:
get:
tags:
- Connectors
operationId: getConnectorList
summary: Gets connector list
description: |-
Fetches list of connectors that have 'RELEASED' status using filtering and pagination.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
**type**: *eq*
**directConnect**: *eq*
**category**: *eq*
**features**: *ca*
example: directConnect eq "true"
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: locale
schema:
type: string
enum:
- de
- 'no'
- fi
- sv
- ru
- pt
- ko
- zh-TW
- en
- it
- fr
- zh-CN
- hu
- es
- cs
- ja
- pl
- da
- nl
example: de
description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"'
responses:
'200':
description: A Connector Dto object
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: The connector name
example: name
type:
type: string
description: The connector type
example: ServiceNow
scriptName:
type: string
description: The connector script name
example: servicenow
className:
type: string
description: The connector class name.
nullable: true
example: sailpoint.connector.OpenConnectorAdapter
features:
type: array
description: The list of features supported by the connector
nullable: true
items:
type: string
example:
- PROVISIONING
- SYNC_PROVISIONING
- SEARCH
- UNSTRUCTURED_TARGETS
directConnect:
type: boolean
description: true if the source is a direct connect source
example: true
default: false
connectorMetadata:
type: object
description: Object containing metadata pertinent to the UI to be used
example:
supportedUI: EXTJS
platform: ccg
shortDesc: connector description
status:
type: string
description: The connector status
example: RELEASED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-source-config:read'
/custom-password-instructions:
post:
operationId: createCustomPasswordInstructions
tags:
- Custom Password Instructions
summary: Create Custom Password Instructions
description: This API creates the custom password instructions for the specified page ID. A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
pageId:
type: string
description: 'The page ID that represents the page for forget user name, reset password and unlock account flow.'
enum:
- 'change-password:enter-password'
- 'change-password:finish'
- 'flow-selection:select'
- 'forget-username:user-email'
- 'mfa:enter-code'
- 'mfa:enter-kba'
- 'mfa:select'
- 'reset-password:enter-password'
- 'reset-password:enter-username'
- 'reset-password:finish'
- 'unlock-account:enter-username'
- 'unlock-account:finish'
pageContent:
type: string
description: 'The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks. If the customization text includes a link, like ... clicking on this will open the link on the current browser page. If you want your link to be redirected to a different page, please redirect it to "_blank" like this: link. This will open a new tab when the link is clicked. Notice we''re only supporting _blank as the redirection target.'
locale:
type: string
example: en
description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".'
example:
pageId: 'reset-password:enter-password'
pageContent: See company password policies for details by clicking here
responses:
'200':
description: Reference to the custom password instructions.
content:
application/json:
schema:
type: object
properties:
pageId:
type: string
description: 'The page ID that represents the page for forget user name, reset password and unlock account flow.'
enum:
- 'change-password:enter-password'
- 'change-password:finish'
- 'flow-selection:select'
- 'forget-username:user-email'
- 'mfa:enter-code'
- 'mfa:enter-kba'
- 'mfa:select'
- 'reset-password:enter-password'
- 'reset-password:enter-username'
- 'reset-password:finish'
- 'unlock-account:enter-username'
- 'unlock-account:finish'
pageContent:
type: string
description: 'The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks. If the customization text includes a link, like ... clicking on this will open the link on the current browser page. If you want your link to be redirected to a different page, please redirect it to "_blank" like this: link. This will open a new tab when the link is clicked. Notice we''re only supporting _blank as the redirection target.'
locale:
type: string
example: en
description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".'
example:
pageId: 'reset-password:enter-password'
locale: default
pageContent: See company password policies for details by clicking here
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/custom-password-instructions/{pageId}':
get:
operationId: getCustomPasswordInstructions
tags:
- Custom Password Instructions
summary: Get Custom Password Instructions by Page ID
description: This API returns the custom password instructions for the specified page ID. A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: pageId
schema:
type: string
enum:
- 'change-password:enter-password'
- 'change-password:finish'
- 'flow-selection:select'
- 'forget-username:user-email'
- 'mfa:enter-code'
- 'mfa:enter-kba'
- 'mfa:select'
- 'reset-password:enter-password'
- 'reset-password:enter-username'
- 'reset-password:finish'
- 'unlock-account:enter-username'
- 'unlock-account:finish'
required: true
description: The page ID of custom password instructions to query.
example: 'mfa:select'
- in: query
name: locale
schema:
type: string
description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".'
responses:
'200':
description: Reference to the custom password instructions.
content:
application/json:
schema:
type: object
properties:
pageId:
type: string
description: 'The page ID that represents the page for forget user name, reset password and unlock account flow.'
enum:
- 'change-password:enter-password'
- 'change-password:finish'
- 'flow-selection:select'
- 'forget-username:user-email'
- 'mfa:enter-code'
- 'mfa:enter-kba'
- 'mfa:select'
- 'reset-password:enter-password'
- 'reset-password:enter-username'
- 'reset-password:finish'
- 'unlock-account:enter-username'
- 'unlock-account:finish'
pageContent:
type: string
description: 'The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks. If the customization text includes a link, like ... clicking on this will open the link on the current browser page. If you want your link to be redirected to a different page, please redirect it to "_blank" like this: link. This will open a new tab when the link is clicked. Notice we''re only supporting _blank as the redirection target.'
locale:
type: string
example: en
description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".'
example:
pageId: 'reset-password:enter-password'
locale: default
pageContent: See company password policies for details by clicking here
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteCustomPasswordInstructions
tags:
- Custom Password Instructions
summary: Delete Custom Password Instructions by page ID
description: This API delete the custom password instructions for the specified page ID. A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: pageId
schema:
type: string
enum:
- 'change-password:enter-password'
- 'change-password:finish'
- 'flow-selection:select'
- 'forget-username:user-email'
- 'mfa:enter-code'
- 'mfa:enter-kba'
- 'mfa:select'
- 'reset-password:enter-password'
- 'reset-password:enter-username'
- 'reset-password:finish'
- 'unlock-account:enter-username'
- 'unlock-account:finish'
required: true
description: The page ID of custom password instructions to delete.
example: 'mfa:select'
- in: query
name: locale
schema:
type: string
description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".'
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/entitlements:
get:
operationId: listEntitlements
tags:
- Entitlements
summary: Gets a list of entitlements.
security:
- UserContextAuth:
- 'idn:entitlement:read'
- 'idn:entitlement:manage'
description: |-
This API returns a list of entitlements.
This API can be used in one of the two following ways: either getting entitlements for a specific **account-id**, or getting via use of **filters** (those two options are exclusive).
Any authenticated token can call this API.
parameters:
- in: query
name: account-id
schema:
type: string
description: 'The account ID. If specified, returns only entitlements associated with the given Account. Cannot be specified with the **filters**, **segmented-for-identity**, **for-segment-ids**, or **include-unsegmented** param(s).'
example: ef38f94347e94562b5bb8424a56397d8
required: false
- in: query
name: segmented-for-identity
schema:
type: string
description: |-
If present and not empty, additionally filters Entitlements to those which are assigned to the Segment(s) which are visible to the Identity with the specified ID. By convention, the value **me** can stand in for the current user's Identity ID.
Cannot be specified with the **account-id** or **for-segment-ids** param(s). It is also illegal to specify a value that refers to a different user's Identity.
example: me
required: false
- in: query
name: for-segment-ids
schema:
type: string
format: comma-separated
description: |-
If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.
Cannot be specified with the **account-id** or **segmented-for-identity** param(s).
example: '041727d4-7d95-4779-b891-93cf41e98249,a378c9fa-bae5-494c-804e-a1e30f69f649'
required: false
- in: query
name: include-unsegmented
schema:
type: boolean
default: true
description: 'Whether or not the response list should contain unsegmented Entitlements. If **for-segment-ids** and **segmented-for-identity** are both absent or empty, specifying **include-unsegmented=false** results in an error.'
example: true
required: false
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, type, attribute, value, source.id, requestable**
example: 'name,-modified'
required: false
style: form
explode: true
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, sw*
**type**: *eq, in*
**attribute**: *eq, in*
**value**: *eq, in, sw*
**source.id**: *eq, in*
**requestable**: *eq*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
example: attribute eq "memberOf"
required: false
style: form
explode: true
responses:
'200':
description: List of entitlements
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
attribute:
type: string
description: The entitlement attribute name
example: memberOf
nullable: true
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
privileged:
type: boolean
default: false
description: True if the entitlement is privileged
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: true
description:
type: string
nullable: true
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
requestable:
type: boolean
default: false
description: True if the entitlement is requestable
example: true
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
nullable: true
owner:
allOf:
- type: object
description: Simplified DTO for the owner object of the entitlement
properties:
id:
type: string
description: The owner id for the entitlement
example: 2a2fdacca5e345f18bf7970cfbb8fec2
name:
type: string
description: The owner name for the entitlement
example: identity 1
type:
type: string
enum:
- IDENTITY
description: The type of the owner. Initially only type IDENTITY is supported
example: IDENTITY
- nullable: true
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
manuallyUpdatedFields:
allOf:
- type: object
properties:
DISPLAY_NAME:
type: boolean
default: false
description: |-
True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `name` property.
example: true
DESCRIPTION:
type: boolean
default: false
description: |-
True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `description` property.
example: true
- nullable: true
description: 'Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.'
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
allOf:
- type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
- nullable: true
description: Access Model Metadata (beta).
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/entitlements/{id}':
get:
operationId: getEntitlement
tags:
- Entitlements
summary: Get an entitlement
description: This API returns an entitlement by its ID.
security:
- UserContextAuth:
- 'idn:entitlement:read'
- 'idn:entitlement:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The entitlement ID
example: 2c91808874ff91550175097daaec161c
responses:
'200':
description: An entitlement
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
attribute:
type: string
description: The entitlement attribute name
example: memberOf
nullable: true
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
privileged:
type: boolean
default: false
description: True if the entitlement is privileged
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: true
description:
type: string
nullable: true
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
requestable:
type: boolean
default: false
description: True if the entitlement is requestable
example: true
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
nullable: true
owner:
allOf:
- type: object
description: Simplified DTO for the owner object of the entitlement
properties:
id:
type: string
description: The owner id for the entitlement
example: 2a2fdacca5e345f18bf7970cfbb8fec2
name:
type: string
description: The owner name for the entitlement
example: identity 1
type:
type: string
enum:
- IDENTITY
description: The type of the owner. Initially only type IDENTITY is supported
example: IDENTITY
- nullable: true
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
manuallyUpdatedFields:
allOf:
- type: object
properties:
DISPLAY_NAME:
type: boolean
default: false
description: |-
True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `name` property.
example: true
DESCRIPTION:
type: boolean
default: false
description: |-
True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `description` property.
example: true
- nullable: true
description: 'Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.'
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
allOf:
- type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
- nullable: true
description: Access Model Metadata (beta).
example:
sourceSchemaObjectType: group
attribute: memberOf
attributes:
GroupType: Security
sAMAccountName: LauncherTest1
GroupScope: Global
objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}'
objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633
cn: LauncherTest1
msDS-PrincipalName: AUTOMATIONAD\LauncherTest1
value: 'CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
description: some description
privileged: false
cloudGoverned: false
source:
type: SOURCE
id: 2c9180877504c40e0175097d5ce707c8
name: EndToEnd-ADSource
owner:
id: 2c9180858315595501831958427e5424
name: Addie Smith
type: IDENTITY
segments:
- 1d126fe0-45e2-4aea-bc64-a07e9344ef26
manuallyUpdatedFields:
DISPLAY_NAME: true
DESCRIPTION: true
id: 2c91808c74ff913f0175097daa9d59cd
name: LauncherTest1
created: '2020-10-08T18:33:52.029Z'
modified: '2021-01-19T16:53:35.707Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchEntitlement
tags:
- Entitlements
summary: Patch an entitlement
description: |-
This API updates an existing entitlement using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
The following fields are patchable: **requestable**, **privileged**, **segments**, **owner**, **name**, **description**, and **manuallyUpdatedFields**
When you're patching owner, only owner type and owner id must be provided. Owner name is optional, and it won't be modified. If the owner name is provided, it should correspond to the real name. The only owner type currently supported is IDENTITY.
A token with ORG_ADMIN or SOURCE_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:entitlement:manage'
parameters:
- name: id
in: path
description: ID of the entitlement to patch
required: true
schema:
type: string
example: 2c91808a7813090a017814121e121518
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /requestable
value: true
examples:
Make an entitlement requestable and privileged in one call:
description: This example shows how multiple fields may be updated with a single patch call.
value:
- op: replace
path: /requestable
value: true
- op: replace
path: /privileged
value: true
Assign an entitlement to a segment:
description: This example shows how to use patch to assign an entitlement to a segment by adding the segment's ID to the entitlement's segments array.
value:
- op: add
path: /segments/-
value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19
Assign an owner to an entitlement:
description: This example shows how to use patch to assign an owner to an entitlement by adding the owner's info to the entitlement.
value:
- op: add
path: /owner
value:
type: IDENTITY
id: 2c9180858315595501831958427e5424
Replace an owner for an entitlement:
description: This example shows how to use patch to replace an entitlement's owner by replacing the owner's info to the entitlement.
value:
- op: replace
path: /owner
value:
type: IDENTITY
id: 2c9180858315595501831958427e5424
Set entitlement manually updated fields:
description: 'This example shows how to set an entitlement''s manually updated fields values with patch request. Values for all manually updateable fields must be specified in the request. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.'
value:
- op: replace
path: /manuallyUpdatedFields
value:
DISPLAY_NAME: true
DESCRIPTION: true
Add the description for an entitlement:
description: This example shows how to use patch to add a description for the entitlement.
value:
- op: add
path: /description
value: new description for the entitlement
Update the name for an entitlement:
description: This example shows how to use patch to update an entitlement's name.
value:
- op: replace
path: /name
value: entitlement new name
responses:
'200':
description: Responds with the entitlement as updated.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
attribute:
type: string
description: The entitlement attribute name
example: memberOf
nullable: true
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
privileged:
type: boolean
default: false
description: True if the entitlement is privileged
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: true
description:
type: string
nullable: true
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
requestable:
type: boolean
default: false
description: True if the entitlement is requestable
example: true
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
nullable: true
owner:
allOf:
- type: object
description: Simplified DTO for the owner object of the entitlement
properties:
id:
type: string
description: The owner id for the entitlement
example: 2a2fdacca5e345f18bf7970cfbb8fec2
name:
type: string
description: The owner name for the entitlement
example: identity 1
type:
type: string
enum:
- IDENTITY
description: The type of the owner. Initially only type IDENTITY is supported
example: IDENTITY
- nullable: true
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
manuallyUpdatedFields:
allOf:
- type: object
properties:
DISPLAY_NAME:
type: boolean
default: false
description: |-
True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `name` property.
example: true
DESCRIPTION:
type: boolean
default: false
description: |-
True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `description` property.
example: true
- nullable: true
description: 'Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.'
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
allOf:
- type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
- nullable: true
description: Access Model Metadata (beta).
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/entitlements/{id}/parents':
get:
operationId: listEntitlementParents
tags:
- Entitlements
summary: List of entitlements parents
description: This API returns a list of all parent entitlements of a given entitlement.
security:
- UserContextAuth:
- 'idn:entitlement:read'
- 'idn:entitlement:manage'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: path
name: id
schema:
type: string
required: true
description: Entitlement Id
example: 2c91808c74ff913f0175097daa9d59cd
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, type, attribute, value, source.id**
example: 'name,-modified'
required: false
style: form
explode: true
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, sw*
**type**: *eq, in*
**attribute**: *eq, in*
**value**: *eq, in, sw*
**source.id**: *eq, in*
**requestable**: *eq*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
example: attribute eq "memberOf"
required: false
style: form
explode: true
responses:
'200':
description: List of entitlements parents from an entitlement
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
attribute:
type: string
description: The entitlement attribute name
example: memberOf
nullable: true
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
privileged:
type: boolean
default: false
description: True if the entitlement is privileged
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: true
description:
type: string
nullable: true
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
requestable:
type: boolean
default: false
description: True if the entitlement is requestable
example: true
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
nullable: true
owner:
allOf:
- type: object
description: Simplified DTO for the owner object of the entitlement
properties:
id:
type: string
description: The owner id for the entitlement
example: 2a2fdacca5e345f18bf7970cfbb8fec2
name:
type: string
description: The owner name for the entitlement
example: identity 1
type:
type: string
enum:
- IDENTITY
description: The type of the owner. Initially only type IDENTITY is supported
example: IDENTITY
- nullable: true
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
manuallyUpdatedFields:
allOf:
- type: object
properties:
DISPLAY_NAME:
type: boolean
default: false
description: |-
True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `name` property.
example: true
DESCRIPTION:
type: boolean
default: false
description: |-
True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `description` property.
example: true
- nullable: true
description: 'Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.'
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
allOf:
- type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
- nullable: true
description: Access Model Metadata (beta).
example:
- sourceSchemaObjectType: group
attribute: memberOf
attributes:
GroupType: Security
sAMAccountName: LauncherTest1
GroupScope: Global
objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}'
objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633
cn: LauncherTest1
msDS-PrincipalName: AUTOMATIONAD\LauncherTest1
value: 'CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
description: some description
privileged: false
cloudGoverned: false
source:
type: SOURCE
id: 2c9180877504c40e0175097d5ce707c8
name: EndToEnd-ADSource
owner:
id: 2a2fdacca5e345f18bf7970cfbb8fec2
name: identity 1
type: IDENTITY
segments:
- 1d126fe0-45e2-4aea-bc64-a07e9344ef26
manuallyUpdatedFields:
DISPLAY_NAME: true
DESCRIPTION: true
id: 2c91808c74ff913f0175097daa9d59cd
name: LauncherTest1
created: '2020-10-08T18:33:52.029Z'
modified: '2021-01-19T16:53:35.707Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/entitlements/{id}/children':
get:
operationId: listEntitlementChildren
tags:
- Entitlements
summary: List of entitlements children
description: This API returns a list of all child entitlements of a given entitlement.
security:
- UserContextAuth:
- 'idn:entitlement:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: path
name: id
schema:
type: string
required: true
description: Entitlement Id
example: 2c91808874ff91550175097daaec161c
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, type, attribute, value, source.id**
example: 'name,-modified'
required: false
style: form
explode: true
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, sw*
**type**: *eq, in*
**attribute**: *eq, in*
**value**: *eq, in, sw*
**source.id**: *eq, in*
**requestable**: *eq*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
example: attribute eq "memberOf"
required: false
style: form
explode: true
responses:
'200':
description: List of entitlements children from an entitlement
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
attribute:
type: string
description: The entitlement attribute name
example: memberOf
nullable: true
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
privileged:
type: boolean
default: false
description: True if the entitlement is privileged
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: true
description:
type: string
nullable: true
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
requestable:
type: boolean
default: false
description: True if the entitlement is requestable
example: true
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
nullable: true
owner:
allOf:
- type: object
description: Simplified DTO for the owner object of the entitlement
properties:
id:
type: string
description: The owner id for the entitlement
example: 2a2fdacca5e345f18bf7970cfbb8fec2
name:
type: string
description: The owner name for the entitlement
example: identity 1
type:
type: string
enum:
- IDENTITY
description: The type of the owner. Initially only type IDENTITY is supported
example: IDENTITY
- nullable: true
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
manuallyUpdatedFields:
allOf:
- type: object
properties:
DISPLAY_NAME:
type: boolean
default: false
description: |-
True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `name` property.
example: true
DESCRIPTION:
type: boolean
default: false
description: |-
True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `description` property.
example: true
- nullable: true
description: 'Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.'
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
allOf:
- type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
- nullable: true
description: Access Model Metadata (beta).
example:
- sourceSchemaObjectType: group
attribute: memberOf
attributes:
GroupType: Security
sAMAccountName: LauncherTest1
GroupScope: Global
objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}'
objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633
cn: LauncherTest1
msDS-PrincipalName: AUTOMATIONAD\LauncherTest1
value: 'CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
description: some description
privileged: false
cloudGoverned: false
source:
type: SOURCE
id: 2c9180877504c40e0175097d5ce707c8
name: EndToEnd-ADSource
owner:
id: 2a2fdacca5e345f18bf7970cfbb8fec2
name: identity 1
type: IDENTITY
segments:
- 1d126fe0-45e2-4aea-bc64-a07e9344ef26
manuallyUpdatedFields:
DISPLAY_NAME: true
DESCRIPTION: true
id: 2c91808c74ff913f0175097daa9d59cd
name: LauncherTest1
created: '2020-10-08T18:33:52.029Z'
modified: '2021-01-19T16:53:35.707Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/entitlements/bulk-update:
post:
operationId: updateEntitlementsInBulk
tags:
- Entitlements
summary: Bulk update an entitlement list
description: |-
This API applies an update to every entitlement of the list.
The number of entitlements to update is limited to 50 items maximum.
The JsonPatch update follows the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. allowed operations : **{ "op": "replace", "path": "/privileged", "value": boolean }** **{ "op": "replace", "path": "/requestable","value": boolean }**
A token with ORG_ADMIN or API authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
entitlementIds:
type: array
description: List of entitlement ids to update
maxItems: 50
items:
type: string
example:
- 2c91808a7624751a01762f19d665220d
- 2c91808a7624751a01762f19d67c220e
- 2c91808a7624751a01762f19d692220f
jsonPatch:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /privileged
value: false
- op: replace
path: /requestable
value: false
example:
entitlementIds:
- 2c91808a7624751a01762f19d665220d
- 2c91808a7624751a01762f19d67c220e
- 2c91808a7624751a01762f19d692220f
jsonPatch:
- op: replace
path: /privileged
value: false
- op: replace
path: /requestable
value: false
required:
- entitlementIds
- jsonPatch
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/entitlements/{id}/entitlement-request-config':
get:
operationId: getEntitlementRequestConfig
tags:
- Entitlements
summary: Get Entitlement Request Config
description: This API returns the entitlement request config for a specified entitlement.
security:
- UserContextAuth:
- 'idn:entitlement:read'
- 'idn:entitlement:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Entitlement Id
example: 2c91808874ff91550175097daaec161c
responses:
'200':
description: An Entitlement Request Config
content:
application/json:
schema:
type: object
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
example:
accessRequestConfig:
requestCommentRequired: true
denialCommentRequired: true
approvalSchemes:
- approverType: ENTITLEMENT_OWNER
approverId: null
- approverType: SOURCE_OWNER
approverId: null
- approverType: MANAGER
approverId: null
- approverType: GOVERNANCE_GROUP
approverId: 46c79819-a69f-49a2-becb-12c971ae66c6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putEntitlementRequestConfig
tags:
- Entitlements
summary: Replace Entitlement Request Config
description: This API replaces the entitlement request config for a specified entitlement.
security:
- UserContextAuth:
- 'idn:entitlement:manage'
parameters:
- name: id
in: path
description: Entitlement ID
required: true
schema:
type: string
example: 2c91808a7813090a017814121e121518
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
responses:
'200':
description: Responds with the entitlement request config as updated.
content:
application/json:
schema:
type: object
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
example:
accessRequestConfig:
requestCommentRequired: true
denialCommentRequired: true
approvalSchemes:
- approverType: ENTITLEMENT_OWNER
approverId: null
- approverType: SOURCE_OWNER
approverId: null
- approverType: MANAGER
approverId: null
- approverType: GOVERNANCE_GROUP
approverId: 46c79819-a69f-49a2-becb-12c971ae66c6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/entitlements/reset/sources/{id}':
post:
operationId: resetSourceEntitlements
tags:
- Entitlements
summary: Reset Source Entitlements
description: Removes all entitlements on a specific source.
parameters:
- name: id
in: path
description: ID of source for the entitlement reset
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
responses:
'202':
description: Entitlement source reset task result
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: The DTO type
example: TASK_RESULT
id:
type: string
description: The task ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Entitlement Source Reset
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:entitlement:update'
'/entitlements/{id}/access-model-metadata/{attributeKey}/values/{attributeValue}':
post:
summary: Add metadata to an entitlement.
description: Add single Access Model Metadata to an entitlement.
tags:
- Entitlements
operationId: createAccessModelMetadataForEntitlement
security:
- UserContextAuth:
- 'idn:entitlement:update'
parameters:
- name: id
in: path
required: true
schema:
type: string
description: The entitlement id.
example: 2c91808c74ff913f0175097daa9d59cd
- name: attributeKey
in: path
required: true
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
- name: attributeValue
in: path
required: true
schema:
type: string
description: Technical name of the Attribute Value.
example: public
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
attribute:
type: string
description: The entitlement attribute name
example: memberOf
nullable: true
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
privileged:
type: boolean
default: false
description: True if the entitlement is privileged
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: true
description:
type: string
nullable: true
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
requestable:
type: boolean
default: false
description: True if the entitlement is requestable
example: true
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
nullable: true
owner:
allOf:
- type: object
description: Simplified DTO for the owner object of the entitlement
properties:
id:
type: string
description: The owner id for the entitlement
example: 2a2fdacca5e345f18bf7970cfbb8fec2
name:
type: string
description: The owner name for the entitlement
example: identity 1
type:
type: string
enum:
- IDENTITY
description: The type of the owner. Initially only type IDENTITY is supported
example: IDENTITY
- nullable: true
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
manuallyUpdatedFields:
allOf:
- type: object
properties:
DISPLAY_NAME:
type: boolean
default: false
description: |-
True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `name` property.
example: true
DESCRIPTION:
type: boolean
default: false
description: |-
True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `description` property.
example: true
- nullable: true
description: 'Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.'
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
allOf:
- type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
- nullable: true
description: Access Model Metadata (beta).
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
summary: Remove metadata from an entitlement.
description: Remove single Access Model Metadata from an entitlement.
tags:
- Entitlements
operationId: deleteAccessModelMetadataFromEntitlement
security:
- UserContextAuth:
- 'idn:entitlement:delete'
parameters:
- name: id
in: path
required: true
schema:
type: string
description: The entitlement id.
example: 2c91808c74ff913f0175097daa9d59cd
- name: attributeKey
in: path
required: true
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
- name: attributeValue
in: path
required: true
schema:
type: string
description: Technical name of the Attribute Value.
example: public
responses:
'200':
description: OK
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/entitlements/aggregate/sources/{id}':
post:
tags:
- Entitlements
summary: Aggregate Entitlements
deprecated: true
operationId: importEntitlementsBySource
description: |-
Starts an entitlement aggregation on the specified source. Though this endpoint has been deprecated, you can find its Beta equivalent [here](https://developer.sailpoint.com/docs/api/beta/import-entitlements).
If the target source is a direct connection, then the request body must be empty. You will also need to make sure the Content-Type header is not set. If you set the Content-Type header without specifying a body, then you will receive a 500 error.
If the target source is a delimited file source, then the CSV file needs to be included in the request body. You will also need to set the Content-Type header to `multipart/form-data`.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Source Id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
csvFile:
type: string
format: binary
description: The CSV file containing the source entitlements to aggregate.
responses:
'202':
description: Aggregate Entitlements Task
content:
application/json:
schema:
type: object
properties:
id:
description: System-generated unique ID of the task this taskStatus represents
type: string
example: ef38f94347e94562b5bb8424a56397d8
type:
description: Type of task this task represents
type: string
example: QUARTZ
uniqueName:
description: The name of the task
type: string
example: Cloud Group Aggregation
description:
description: The description of the task
type: string
example: Aggregate from the specified application
launcher:
description: The user who initiated the task
type: string
example: John Doe
created:
description: The creation date of the task
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
returns:
description: Return values from the task
type: array
items:
type: object
properties:
displayLabel:
description: The display label for the return value
type: string
example: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_APPLICATIONS
attributeName:
description: The attribute name for the return value
type: string
example: applications
example:
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_APPLICATIONS
attributeName: applications
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_TOTAL
attributeName: total
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_CREATED
attributeName: groupsCreated
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_UPDATED
attributeName: groupsUpdated
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_DELETED
attributeName: groupsDeleted
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:entitlements:manage'
/generate-password-reset-token/digit:
post:
operationId: generateDigitToken
tags:
- Password Management
summary: Generate a digit token
description: 'This API is used to generate a digit token for password management. Requires authorization scope of "idn:password-digit-token:create".'
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- userId
properties:
userId:
type: string
description: The uid of the user requested for digit token
example: Abby.Smith
length:
type: integer
description: 'The length of digit token. It should be from 6 to 18, inclusive. The default value is 6.'
example: 8
durationMinutes:
type: integer
description: The time to live for the digit token in minutes. The default value is 5 minutes.
example: 5
example:
userId: Abby.Smith
length: 8
durationMinutes: 5
responses:
'200':
description: The digit token for password management.
content:
application/json:
schema:
type: object
properties:
digitToken:
type: string
description: The digit token for password management
example: 09087713
requestId:
type: string
description: The reference ID of the digit token generation request
example: e1267ecd-fcd9-4c73-9c55-12555efad136
example:
digitToken: 09087713
requestId: e1267ecd-fcd9-4c73-9c55-12555efad136
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/historical-identities:
get:
operationId: listHistoricalIdentities
summary: Lists all the identities
description: 'This gets the list of identities for the customer. This list end point does not support count=true request param. The total count of identities would never be returned even if the count param is specified in the request Requires authorization scope of ''idn:identity-history:read'''
security:
- UserContextAuth:
- 'idn:identity-history:read'
tags:
- Identity History
parameters:
- in: query
name: starts-with-query
schema:
type: string
description: 'This param is used for starts-with search for first, last and display name of the identity'
example: Ada
- in: query
name: is-deleted
schema:
type: boolean
description: Indicates if we want to only list down deleted identities or not.
example: true
- in: query
name: is-active
schema:
type: boolean
description: Indicates if we want to only list active or inactive identities.
example: true
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
responses:
'200':
description: List of identities for the customer.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: the identity ID
example: bc693f07e7b645539626c25954c58554
displayName:
type: string
description: the display name of the identity
example: Adam Zampa
firstName:
type: string
nullable: true
description: the first name of the identity
example: Adam
lastName:
type: string
nullable: true
description: the last name of the identity
example: Zampa
active:
type: boolean
default: true
description: indicates if an identity is active or not
example: true
deletedDate:
type: string
nullable: true
description: the date when the identity was deleted
example: '2007-03-01T13:00:00.000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}':
get:
operationId: getHistoricalIdentity
tags:
- Identity History
summary: Get latest snapshot of identity
description: 'This method retrieves a specified identity Requires authorization scope of ''idn:identity-history:read'''
security:
- UserContextAuth:
- 'idn:identity-history:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
responses:
'200':
description: The identity object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: the identity ID
example: bc693f07e7b645539626c25954c58554
displayName:
type: string
description: the display name of the identity
example: Adam Zampa
snapshot:
type: string
description: the date when the identity record was created
example: '2007-03-01T13:00:00.000Z'
deletedDate:
type: string
description: the date when the identity was deleted
example: '2007-03-01T13:00:00.000Z'
accessItemCount:
type: object
description: A map containing the count of each access item
example:
app: 0
role: 2
entitlement: 4
accessProfile: 3
account: 1
additionalProperties:
type: integer
format: int32
attributes:
type: object
description: A map containing the identity attributes
additionalProperties: true
example:
jobTitle: HR Manager
location: NYC
firstname: Adam
lastname: Zampa
department: HR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/access-items':
get:
operationId: listIdentityAccessItems
tags:
- Identity History
summary: Gets a list of access items for the identity filtered by item type
description: 'This method retrieves a list of access item for the identity filtered by the access item type Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: type
schema:
type: string
description: |-
The type of access item for the identity. If not provided, it defaults to account.
Types of access items: **accessProfile, account, app, entitlement, role**
example: account
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**source**: *eq*
**standalone**: *eq*
**privileged**: *eq*
**attribute**: *eq*
**cloudGoverned**: *eq*
example: source eq "DataScienceDataset"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, value, standalone, privileged, attribute, source, cloudGoverned, removeDate, nativeIdentity, entitlementCount**
example: name
- in: query
name: query
schema:
type: string
description: |-
This param is used to search if certain fields of the access item contain the string provided.
Searching is supported for the following fields depending on the type:
Access Profiles: **name, description**
Accounts: **name, nativeIdentity**
Apps: **name**
Entitlements: **name, value, description**
Roles: **name, description**
example: Dr. Arden
responses:
'200':
description: The list of access items.
content:
application/json:
schema:
type: array
items:
oneOf:
- type: object
properties:
accessType:
type: string
example: accessProfile
description: the access item type. accessProfile in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
name:
type: string
example: sample
description: the access profile name
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: AccessProfile - Workday/Citizenship access
description: the description for the access profile
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
entitlementCount:
type: string
example: 12
description: the number of entitlements the access profile will create
appDisplayName:
type: string
example: AppName
description: the name of
removeDate:
type: string
example: 2024-07-01T06:00:00.000Z
description: the date the access profile is no longer assigned to the specified identity
standalone:
type: boolean
example: false
description: indicates whether the access profile is standalone
revocable:
type: boolean
example: true
description: indicates whether the access profile is
required:
- standalone
- revocable
- type: object
properties:
accessType:
type: string
example: account
description: the access item type. account in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
nativeIdentity:
type: string
example: dr.arden.ogahn.d
description: the native identifier used to uniquely identify an acccount
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
entitlementCount:
type: string
example: 12
description: the number of entitlements the account will create
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
- type: object
properties:
accessType:
type: string
example: app
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: Display Name
description: the access item display name
sourceName:
type: string
example: appName
description: the associated source name if it exists
appRoleId:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the app role id
- type: object
properties:
accessType:
type: string
example: entitlement
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
attribute:
type: string
example: groups
description: the entitlement attribute
value:
type: string
example: Upward mobility access
description: the associated value
entitlementType:
type: string
example: entitlement
description: the type of entitlement
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: Entitlement - Workday/Citizenship access
description: the description for the entitlment
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
standalone:
type: boolean
example: true
description: indicates whether the entitlement is standalone
privileged:
type: boolean
example: false
description: indicates whether the entitlement is privileged
cloudGoverned:
type: boolean
example: true
description: indicates whether the entitlement is cloud governed
required:
- standalone
- privileged
- cloudGoverned
- type: object
properties:
accessType:
type: string
example: role
description: the access item type. role in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: sample
description: the role display name
description:
type: string
example: Role - Workday/Citizenship access
description: the description for the role
sourceName:
type: string
example: Source Name
description: the associated source name if it exists
removeDate:
type: string
example: 2024-07-01T06:00:00.000Z
description: the date the role is no longer assigned to the specified identity
revocable:
type: boolean
example: true
description: indicates whether the role is revocable
required:
- revocable
examples:
Access Profile:
description: An access profile response
value:
- accessType: accessProfile
id: 2c918087763e69d901763e72e97f006f
sourceName: DataScienceDataset
sourceId: 2793o32dwd
description: AccessProfile - Workday/Citizenship access
displayName: Dr. Arden Rogahn MD
entitlementCount: 12
appDisplayName: AppName
removeDate: 2024-07-01T06:00:00.000Z
standalone: false
revocable: true
Account:
description: An account response
value:
- accessType: account
id: 2c918087763e69d901763e72e97f006f
nativeIdentity: dr.arden.ogahn.d
sourceName: DataScienceDataset
sourceId: 2793o32dwd
entitlementCount: 12
displayName: Dr. Arden Rogahn MD
App:
description: An app response
value:
- accessType: app
id: 2c918087763e69d901763e72e97f006f
name: appName
appRoleId: 2c918087763e69d901763e72e97f006f
Entitlement:
description: An entitlement event
value:
- accessType: entitlement
id: 2c918087763e69d901763e72e97f006f
attribute: groups
value: Upward mobility access
type: group
sourceName: DataScienceDataset
sourceId: 2793o32dwd
description: Entitlement - Workday/Citizenship access
displayName: Dr. Arden Rogahn MD
standalone: true
privileged: false
cloudGoverned: false
Role:
description: A role response
value:
- accessType: role
id: 2c918087763e69d901763e72e97f006f
name: sample
description: Role - Workday/Citizenship access
removeDate: 2024-07-01T06:00:00.000Z
revocable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-history:read'
'/historical-identities/{id}/snapshots':
get:
operationId: listIdentitySnapshots
tags:
- Identity History
summary: Lists all the snapshots for the identity
description: 'This method retrieves all the snapshots for the identity Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: start
schema:
type: string
description: The specified start date
example: '2007-03-01T13:00:00Z'
- in: query
name: interval
schema:
type: string
enum:
- day
- month
description: The interval indicating the range in day or month for the specified interval-name
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: A list of identity summary for each snapshot.
content:
application/json:
schema:
type: array
items:
type: object
properties:
snapshot:
type: string
description: the date when the identity record was created
example: '2007-03-01T13:00:00.000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/snapshot-summary':
get:
operationId: getIdentitySnapshotSummary
tags:
- Identity History
summary: Gets the summary for the event count for a specific identity
description: 'This method gets the summary for the event count for a specific identity by month/day Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: before
schema:
type: string
description: The date before which snapshot summary is required
example: '2007-03-01T13:00:00Z'
- in: query
name: interval
schema:
type: string
enum:
- day
- month
description: The interval indicating day or month. Defaults to month if not specified
- in: query
name: time-zone
schema:
type: string
description: The time zone. Defaults to UTC if not provided
example: UTC
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: A summary list of identity changes in date histogram format.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: the name of metric
value:
type: number
description: the value associated to the metric
example:
name: '2021-04-01T00:00:00.000Z'
value: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/snapshots/{date}':
get:
operationId: getIdentitySnapshot
tags:
- Identity History
summary: Gets an identity snapshot at a given date
description: 'This method retrieves a specified identity snapshot at a given date Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: path
name: date
schema:
type: string
description: The specified date
example: '2007-03-01T13:00:00Z'
required: true
responses:
'200':
description: The identity object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: the identity ID
example: bc693f07e7b645539626c25954c58554
displayName:
type: string
description: the display name of the identity
example: Adam Zampa
snapshot:
type: string
description: the date when the identity record was created
example: '2007-03-01T13:00:00.000Z'
deletedDate:
type: string
description: the date when the identity was deleted
example: '2007-03-01T13:00:00.000Z'
accessItemCount:
type: object
description: A map containing the count of each access item
example:
app: 0
role: 2
entitlement: 4
accessProfile: 3
account: 1
additionalProperties:
type: integer
format: int32
attributes:
type: object
description: A map containing the identity attributes
additionalProperties: true
example:
jobTitle: HR Manager
location: NYC
firstname: Adam
lastname: Zampa
department: HR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/snapshots/{date}/access-items':
get:
operationId: listIdentitySnapshotAccessItems
tags:
- Identity History
summary: Get Identity Access Items Snapshot
description: 'Use this API to get a list of identity access items at a specified date, filtered by item type.'
security:
- UserContextAuth:
- 'idn:identity-history:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Identity ID.
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: path
name: date
schema:
type: string
required: true
description: Specified date.
example: '2007-03-01T13:00:00Z'
- in: query
name: type
schema:
type: string
description: Access item type.
example: account
responses:
'200':
description: Identity object.
content:
application/json:
schema:
type: array
items:
oneOf:
- type: object
properties:
accessType:
type: string
example: accessProfile
description: the access item type. accessProfile in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
name:
type: string
example: sample
description: the access profile name
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: AccessProfile - Workday/Citizenship access
description: the description for the access profile
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
entitlementCount:
type: string
example: 12
description: the number of entitlements the access profile will create
appDisplayName:
type: string
example: AppName
description: the name of
removeDate:
type: string
example: 2024-07-01T06:00:00.000Z
description: the date the access profile is no longer assigned to the specified identity
standalone:
type: boolean
example: false
description: indicates whether the access profile is standalone
revocable:
type: boolean
example: true
description: indicates whether the access profile is
required:
- standalone
- revocable
- type: object
properties:
accessType:
type: string
example: account
description: the access item type. account in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
nativeIdentity:
type: string
example: dr.arden.ogahn.d
description: the native identifier used to uniquely identify an acccount
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
entitlementCount:
type: string
example: 12
description: the number of entitlements the account will create
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
- type: object
properties:
accessType:
type: string
example: app
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: Display Name
description: the access item display name
sourceName:
type: string
example: appName
description: the associated source name if it exists
appRoleId:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the app role id
- type: object
properties:
accessType:
type: string
example: entitlement
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
attribute:
type: string
example: groups
description: the entitlement attribute
value:
type: string
example: Upward mobility access
description: the associated value
entitlementType:
type: string
example: entitlement
description: the type of entitlement
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: Entitlement - Workday/Citizenship access
description: the description for the entitlment
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
standalone:
type: boolean
example: true
description: indicates whether the entitlement is standalone
privileged:
type: boolean
example: false
description: indicates whether the entitlement is privileged
cloudGoverned:
type: boolean
example: true
description: indicates whether the entitlement is cloud governed
required:
- standalone
- privileged
- cloudGoverned
- type: object
properties:
accessType:
type: string
example: role
description: the access item type. role in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: sample
description: the role display name
description:
type: string
example: Role - Workday/Citizenship access
description: the description for the role
sourceName:
type: string
example: Source Name
description: the associated source name if it exists
removeDate:
type: string
example: 2024-07-01T06:00:00.000Z
description: the date the role is no longer assigned to the specified identity
revocable:
type: boolean
example: true
description: indicates whether the role is revocable
required:
- revocable
examples:
Access Item AccessProfile Response:
description: An access profile response
value:
- type: accessProfile
id: 2c918087763e69d901763e72e97f006f
name: sample
sourceName: DataScienceDataset
sourceId: 2793o32dwd
description: AccessProfile - Workday/Citizenship access
displayName: Dr. Arden Rogahn MD
entitlementCount: 12
appDisplayName: AppName
Access Item Account Response:
description: An account response
value:
- type: account
id: 2c918087763e69d901763e72e97f006f
nativeIdentity: dr.arden.ogahn.d
sourceName: DataScienceDataset
sourceId: 2793o32dwd
entitlementCount: 12
displayName: Dr. Arden Rogahn MD
Access Item App Response:
description: An app response
value:
- type: app
id: 2c918087763e69d901763e72e97f006f
name: appName
Access Item Entitlement Response:
description: An entitlement event
value:
- type: entitlement
id: 2c918087763e69d901763e72e97f006f
attribute: groups
value: Upward mobility access
entitlementType: entitlement
sourceName: DataScienceDataset
sourceId: 2793o32dwd
description: Entitlement - Workday/Citizenship access
displayName: Dr. Arden Rogahn MD
Access Item Role Response:
description: A role response
value:
- type: role
id: 2c918087763e69d901763e72e97f006f
name: sample
description: Role - Workday/Citizenship access
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/common-access:
get:
operationId: getCommonAccess
summary: Get a paginated list of common access
tags:
- IAI Common Access
description: 'This endpoint returns the current common access for a customer. The returned items can be filtered and sorted. Requires authorization scope of iai:access-modeling:read'
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**status**: *eq, sw*
**reviewedByUser** *eq*
**access.id**: *eq, sw*
**access.type**: *eq*
**access.name**: *sw, eq*
**access.description**: *sw, eq*
example: access.type eq "ROLE"
required: false
style: form
explode: true
schema:
type: string
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.name, status**
By default the common access items are sorted by name, ascending.
example: access.name
responses:
'200':
description: Succeeded. Returns a list of common access for a customer.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Unique ID of the common access item
example: 555ab47a-0d32-4813-906f-adf3567de6a4
access:
description: common access item
type: object
properties:
id:
type: string
description: Common access ID
type:
description: Common access type (ROLE or ACCESS_PROFILE)
type: string
enum:
- ACCESS_PROFILE
- ROLE
name:
type: string
description: Common access name
description:
type: string
description: Common access description
nullable: true
ownerName:
type: string
description: Common access owner name
ownerId:
type: string
description: Common access owner ID
status:
type: string
description: CONFIRMED or DENIED
commonAccessType:
type: string
example: UNSET
lastUpdated:
type: string
readOnly: true
format: date-time
reviewedByUser:
type: boolean
description: true if user has confirmed or denied status
lastReviewed:
type: string
readOnly: true
format: date-time
nullable: true
createdByUser:
type: boolean
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createCommonAccess
summary: Create common access items
tags:
- IAI Common Access
description: 'This API is used to add roles/access profiles to the list of common access for a customer. Requires authorization scope of iai:access-modeling:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
access:
type: object
properties:
id:
type: string
description: Common access ID
type:
description: Common access type (ROLE or ACCESS_PROFILE)
type: string
enum:
- ACCESS_PROFILE
- ROLE
name:
type: string
description: Common access name
description:
type: string
description: Common access description
nullable: true
ownerName:
type: string
description: Common access owner name
ownerId:
type: string
description: Common access owner ID
status:
type: string
enum:
- CONFIRMED
- DENIED
description: State of common access item.
responses:
'202':
description: Returns details of the common access classification request.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Common Access Item ID
access:
type: object
properties:
id:
type: string
description: Common access ID
type:
description: Common access type (ROLE or ACCESS_PROFILE)
type: string
enum:
- ACCESS_PROFILE
- ROLE
name:
type: string
description: Common access name
description:
type: string
description: Common access description
nullable: true
ownerName:
type: string
description: Common access owner name
ownerId:
type: string
description: Common access owner ID
status:
type: string
enum:
- CONFIRMED
- DENIED
description: State of common access item.
lastUpdated:
type: string
reviewedByUser:
type: boolean
lastReviewed:
type: string
createdByUser:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/common-access/update-status:
post:
operationId: updateCommonAccessStatusInBulk
summary: Bulk update common access status
tags:
- IAI Common Access
description: 'This submits an update request to the common access application. At this time there are no parameters. Requires authorization scope of iai:access-modeling:update'
requestBody:
description: Confirm or deny in bulk the common access ids that are (or aren't) common access
required: true
content:
application/json:
schema:
type: array
items:
type: object
properties:
confirmedIds:
description: List of confirmed common access ids.
type: array
items:
type: string
format: uuid
deniedIds:
description: List of denied common access ids.
type: array
items:
type: string
format: uuid
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/events':
get:
operationId: getHistoricalIdentityEvents
tags:
- Identity History
summary: Lists all events for the given identity
description: 'This method retrieves all access events for the identity Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: from
schema:
type: string
description: The optional instant until which access events are returned
example: '2024-03-01T13:00:00Z'
- in: query
name: eventTypes
schema:
type: array
items:
type: string
description: 'An optional list of event types to return. If null or empty, all events are returned'
example:
- AccessAddedEvent
- AccessRemovedEvent
- in: query
name: accessItemTypes
schema:
type: array
items:
type: string
description: 'An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned'
example:
- entitlement
- account
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: The list of events for the identity
content:
application/json:
schema:
type: array
items:
anyOf:
- type: object
properties:
accessItem:
type: object
oneOf:
- type: object
properties:
accessType:
type: string
example: accessProfile
description: the access item type. accessProfile in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
name:
type: string
example: sample
description: the access profile name
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: AccessProfile - Workday/Citizenship access
description: the description for the access profile
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
entitlementCount:
type: string
example: 12
description: the number of entitlements the access profile will create
appDisplayName:
type: string
example: AppName
description: the name of
removeDate:
type: string
example: 2024-07-01T06:00:00.000Z
description: the date the access profile is no longer assigned to the specified identity
standalone:
type: boolean
example: false
description: indicates whether the access profile is standalone
revocable:
type: boolean
example: true
description: indicates whether the access profile is
required:
- standalone
- revocable
- type: object
properties:
accessType:
type: string
example: account
description: the access item type. account in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
nativeIdentity:
type: string
example: dr.arden.ogahn.d
description: the native identifier used to uniquely identify an acccount
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
entitlementCount:
type: string
example: 12
description: the number of entitlements the account will create
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
- type: object
properties:
accessType:
type: string
example: app
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: Display Name
description: the access item display name
sourceName:
type: string
example: appName
description: the associated source name if it exists
appRoleId:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the app role id
- type: object
properties:
accessType:
type: string
example: entitlement
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
attribute:
type: string
example: groups
description: the entitlement attribute
value:
type: string
example: Upward mobility access
description: the associated value
entitlementType:
type: string
example: entitlement
description: the type of entitlement
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: Entitlement - Workday/Citizenship access
description: the description for the entitlment
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
standalone:
type: boolean
example: true
description: indicates whether the entitlement is standalone
privileged:
type: boolean
example: false
description: indicates whether the entitlement is privileged
cloudGoverned:
type: boolean
example: true
description: indicates whether the entitlement is cloud governed
required:
- standalone
- privileged
- cloudGoverned
- type: object
properties:
accessType:
type: string
example: role
description: the access item type. role in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: sample
description: the role display name
description:
type: string
example: Role - Workday/Citizenship access
description: the description for the role
sourceName:
type: string
example: Source Name
description: the associated source name if it exists
removeDate:
type: string
example: 2024-07-01T06:00:00.000Z
description: the date the role is no longer assigned to the specified identity
revocable:
type: boolean
example: true
description: indicates whether the role is revocable
required:
- revocable
example:
id: 8c190e6787aa4ed9a90bd9d5344523fb
accessType: account
nativeIdentity: 127999
sourceName: JDBC Entitlements Source
entitlementCount: 0
displayName: Sample Name
identityId:
type: string
description: the identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
eventType:
type: string
description: the event type
example: AccessItemAssociated
dt:
type: string
description: the date of event
example: '2019-03-08T22:37:33.901Z'
governanceEvent:
example:
name: Manager Certification for Jon Snow
dt: '2019-03-08T22:37:33.901Z'
type: certification
governanceId: 2c91808a77ff216301782327a50f09bf
owners:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
reviewers:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
decisionMaker:
id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
type: object
properties:
name:
type: string
description: 'The name of the governance event, such as the certification name or access request ID.'
example: Manager Certification for Jon Snow
dt:
type: string
description: The date that the certification or access request was completed.
example: '2019-03-08T22:37:33.901Z'
type:
type: string
enum:
- certification
- accessRequest
description: The type of governance event.
example: certification
governanceId:
type: string
description: The ID of the instance that caused the event - either the certification ID or access request ID.
example: 2c91808a77ff216301782327a50f09bf
owners:
type: array
description: The owners of the governance event (the certifiers or approvers)
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
reviewers:
type: array
description: 'The owners of the governance event (the certifiers or approvers), this field should be preferred over owners'
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
decisionMaker:
description: The decision maker
example:
id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
- type: object
properties:
accessItem:
type: object
oneOf:
- type: object
properties:
accessType:
type: string
example: accessProfile
description: the access item type. accessProfile in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
name:
type: string
example: sample
description: the access profile name
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: AccessProfile - Workday/Citizenship access
description: the description for the access profile
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
entitlementCount:
type: string
example: 12
description: the number of entitlements the access profile will create
appDisplayName:
type: string
example: AppName
description: the name of
removeDate:
type: string
example: 2024-07-01T06:00:00.000Z
description: the date the access profile is no longer assigned to the specified identity
standalone:
type: boolean
example: false
description: indicates whether the access profile is standalone
revocable:
type: boolean
example: true
description: indicates whether the access profile is
required:
- standalone
- revocable
- type: object
properties:
accessType:
type: string
example: account
description: the access item type. account in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
nativeIdentity:
type: string
example: dr.arden.ogahn.d
description: the native identifier used to uniquely identify an acccount
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
entitlementCount:
type: string
example: 12
description: the number of entitlements the account will create
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
- type: object
properties:
accessType:
type: string
example: app
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: Display Name
description: the access item display name
sourceName:
type: string
example: appName
description: the associated source name if it exists
appRoleId:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the app role id
- type: object
properties:
accessType:
type: string
example: entitlement
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
attribute:
type: string
example: groups
description: the entitlement attribute
value:
type: string
example: Upward mobility access
description: the associated value
entitlementType:
type: string
example: entitlement
description: the type of entitlement
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: Entitlement - Workday/Citizenship access
description: the description for the entitlment
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
standalone:
type: boolean
example: true
description: indicates whether the entitlement is standalone
privileged:
type: boolean
example: false
description: indicates whether the entitlement is privileged
cloudGoverned:
type: boolean
example: true
description: indicates whether the entitlement is cloud governed
required:
- standalone
- privileged
- cloudGoverned
- type: object
properties:
accessType:
type: string
example: role
description: the access item type. role in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: sample
description: the role display name
description:
type: string
example: Role - Workday/Citizenship access
description: the description for the role
sourceName:
type: string
example: Source Name
description: the associated source name if it exists
removeDate:
type: string
example: 2024-07-01T06:00:00.000Z
description: the date the role is no longer assigned to the specified identity
revocable:
type: boolean
example: true
description: indicates whether the role is revocable
required:
- revocable
example:
id: 8c190e6787aa4ed9a90bd9d5344523fb
accessType: account
nativeIdentity: 127999
sourceName: JDBC Entitlements Source
entitlementCount: 0
displayName: Sample Name
identityId:
type: string
description: the identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
eventType:
type: string
description: the event type
example: AccessItemRemoved
dt:
type: string
description: the date of event
example: '2019-03-08T22:37:33.901Z'
governanceEvent:
example:
name: Manager Certification for Jon Snow
dt: '2019-03-08T22:37:33.901Z'
type: certification
governanceId: 2c91808a77ff216301782327a50f09bf
owners:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
reviewers:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
decisionMaker:
id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
type: object
properties:
name:
type: string
description: 'The name of the governance event, such as the certification name or access request ID.'
example: Manager Certification for Jon Snow
dt:
type: string
description: The date that the certification or access request was completed.
example: '2019-03-08T22:37:33.901Z'
type:
type: string
enum:
- certification
- accessRequest
description: The type of governance event.
example: certification
governanceId:
type: string
description: The ID of the instance that caused the event - either the certification ID or access request ID.
example: 2c91808a77ff216301782327a50f09bf
owners:
type: array
description: The owners of the governance event (the certifiers or approvers)
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
reviewers:
type: array
description: 'The owners of the governance event (the certifiers or approvers), this field should be preferred over owners'
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
decisionMaker:
description: The decision maker
example:
id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
- type: object
properties:
changes:
type: array
items:
type: object
properties:
name:
type: string
description: the attribute name
previousValue:
type: string
description: the old value of attribute
newValue:
type: string
description: the new value of attribute
example:
name: firstname
previousValue: adam
newValue: zampa
eventType:
type: string
description: the event type
identityId:
type: string
description: the identity id
dt:
type: string
description: the date of event
example:
attributeChanges:
name: firstname
previousValue: adam
newValue: zampa
eventType: AttributesChanged
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
- type: object
properties:
accessRequest:
description: the access request details
type: object
properties:
requesterId:
type: string
example: 2c91808a77ff216301782327a50f09bf
description: the requester Id
requesterName:
type: string
example: Bing C
description: the requesterName
items:
type: array
example:
- operation: Add
accessItemType: role
name: Role-1
decision: APPROVED
description: The role descrition
sourceId: 8a80828f643d484f01643e14202e206f
sourceName: Source1
approvalInfos:
- name: John Snow
id: 8a80828f643d484f01643e14202e2000
status: Approved
items:
type: object
properties:
operation:
type: string
example: Add
description: the access request item operation
accessItemType:
type: string
example: role
description: the access item type
name:
type: string
example: Role-1
description: the name of access request item
decision:
type: string
example: APPROVED
enum:
- APPROVED
- REJECTED
description: the final decision for the access request
description:
type: string
example: The role descrition
description: the description of access request item
sourceId:
type: string
example: 8a80828f643d484f01643e14202e206f
description: the source id
sourceName:
type: string
example: Source1
description: the source Name
approvalInfos:
type: array
example:
- name: John Snow
id: 8a80828f643d484f01643e14202e2000
status: Approved
items:
type: object
properties:
id:
type: string
example: 8a80828f643d484f01643e14202e2000
description: the id of approver
name:
type: string
example: John Snow
description: the name of approver
status:
type: string
example: Approved
description: the status of the approval request
identityId:
type: string
example: 8a80828f643d484f01643e14202e206f
description: the identity id
eventType:
type: string
example: AccessRequested
description: the event type
dt:
type: string
example: '2019-03-08T22:37:33.901Z'
description: the date of event
- type: object
properties:
certificationId:
type: string
description: the id of the certification item
example: 2c91808a77ff216301782327a50f09bf
certificationName:
type: string
description: the certification item name
example: Cert name
signedDate:
type: string
description: the date ceritification was signed
example: '2019-03-08T22:37:33.901Z'
certifiers:
type: array
description: this field is deprecated and may go away
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
reviewers:
type: array
description: The list of identities who review this certification
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
signer:
description: Identity who signed off on the certification
example:
id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
eventType:
type: string
description: the event type
example: IdentityCertified
dt:
type: string
description: the date of event
example: '2019-03-08T22:37:33.901Z'
- type: object
properties:
eventType:
type: string
description: the event type
identityId:
type: string
description: the identity id
dt:
type: string
description: the date of event
account:
type: object
properties:
id:
type: string
description: the ID of the account in the database
nativeIdentity:
type: string
description: the native identifier of the account
displayName:
type: string
description: the display name of the account
sourceId:
type: string
description: the ID of the source for this account
sourceName:
type: string
description: the name of the source for this account
entitlementCount:
type: integer
description: the number of entitlements on this account
accessType:
type: string
description: this value is always "account"
statusChange:
type: object
properties:
previousStatus:
type: string
description: the previous status of the account
enum:
- enabled
- disabled
- locked
newStatus:
type: string
description: the new status of the account
enum:
- enabled
- disabled
- locked
example:
account:
id: 2c91808a77ff216301782327a50f09bf
nativeIdentity: 127999
displayName: Sample Name
sourceId: 8a80828f643d484f01643e14202e206f
sourceName: JDBC Entitlements Source
entitlementCount: 0
accessType: account
statusChange:
previousStatus: enabled
newStatus: disabled
eventType: AccountStatusChanged
identityId: 8a80828f643d484f01643e14202e206f
date: '2019-03-08T22:37:33.901Z'
examples:
AccessItemAssociated:
description: An Access item associated event
value:
- accessItem:
id: 8c190e6787aa4ed9a90bd9d5344523fb
accessType: account
nativeIdentity: 127999
sourceName: JDBC Entitlements Source
entitlementCount: 0
displayName: Sample Name
eventType: AccessItemAssociated
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
governanceEvent:
name: Access Request 58
dt: '2019-03-08T22:37:33.901Z'
type: accessRequest
governanceId: 2c91808a77ff216301782327a50f09e1
owners:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
reviewers:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
decisionMaker:
id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
AccessItemRemoved:
description: An Access item removed event
value:
- accessItem:
id: 8c190e6787aa4ed9a90bd9d5344523fb
accessType: account
nativeIdentity: 127999
sourceName: JDBC Entitlements Source
entitlementCount: 0
displayName: Sample Name
eventType: AccessItemRemoved
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
governanceEvent:
name: Manager Certification for Jon Snow
dt: '2019-03-08T22:37:33.901Z'
type: certification
governanceId: 2c91808a77ff216301782327a50f09bf
owners:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
reviewers:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
decisionMaker:
id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
AttributesChanged:
description: An attribute changed event
value:
- attributeChanges:
- name: firstname
previousValue: adam
newValue: zampa
eventType: AttributesChanged
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
AccessRequested:
description: An access requested event
value:
accessRequest:
requesterId: 2c91808a77ff216301782327a50f09bf
requestName: Bing C
items:
- operation: Add
accessItemType: role
name: Role-1
decision: APPROVED
description: The role descrition
sourceId: 8a80828f643d484f01643e14202e206f
sourceName: Source1
approvalInfos:
- name: John Snow
id: 8a80828f643d484f01643e14202e2000
status: Approved
eventType: AccessRequested
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
IdentityCertified:
description: An identity certified event
value:
- certification:
id: 2c91808a77ff216301782327a50f09bf
name: Cert name
signedDate: '2019-03-08T22:37:33.901Z'
certifiers:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
reviewers:
- id: 8a80828f643d484f01643e14202e206f
displayName: Daenerys Targaryen
signer:
id: 8a80828f643d484f01643e14202e206f
displayName: Tyrion Lannister
eventType: IdentityCertified
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
AccountStatusChanged:
description: An account status changed event
value:
- account:
id: 2c91808a77ff216301782327a50f09bf
nativeIdentity: 127999
displayName: Sample Name
sourceId: 8a80828f643d484f01643e14202e206f
sourceName: JDBC Entitlements Source
entitlementCount: 0
accessType: account
statusChange:
previousStatus: ENABLED
newStatus: DISABLED
eventType: AccountStatusChanged
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/start-date':
get:
operationId: getIdentityStartDate
tags:
- Identity History
summary: Gets the start date of the identity
description: 'This method retrieves start date of the identity Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
responses:
'200':
description: The start date of the identity
content:
application/json:
schema:
type: string
example: '2017-03-01T13:00:00.000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/compare':
get:
operationId: compareIdentitySnapshots
tags:
- Identity History
summary: Gets a difference of count for each access item types for the given identity between 2 snapshots
description: 'This method gets a difference of count for each access item types for the given identity between 2 snapshots Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: snapshot1
schema:
type: string
description: The snapshot 1 of identity
example: '2007-03-01T13:00:00Z'
- in: query
name: snapshot2
schema:
type: string
description: The snapshot 2 of identity
example: '2008-03-01T13:00:00Z'
- in: query
name: accessItemTypes
schema:
type: array
items:
type: string
description: 'An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned '
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: A IdentityCompare object with difference details for each access item type
content:
application/json:
schema:
type: array
items:
type: object
properties:
accessItemDiff:
type: object
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
additionalProperties:
type: object
example:
accessItemDiff:
role:
accessAdded: 2
accessRemoved: 3
entitlement:
accessAdded: 4
accessRemoved: 0
accessProfile:
accessAdded: 0
accessRemoved: 1
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/compare/{access-type}':
get:
operationId: compareIdentitySnapshotsAccessType
tags:
- Identity History
summary: Gets a list of differences of specific accessType for the given identity between 2 snapshots
description: 'This method gets a list of differences of specific accessType for the given identity between 2 snapshots Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: path
name: accessType
schema:
type: string
required: true
description: The specific type which needs to be compared
example: role
- in: query
name: access-associated
schema:
type: boolean
description: 'Indicates if added or removed access needs to be returned. true - added, false - removed, null - both added & removed'
example: '2007-03-01T13:00:00Z'
- in: query
name: snapshot1
schema:
type: string
description: The snapshot 1 of identity
example: '2008-03-01T13:00:00Z'
- in: query
name: snapshot2
schema:
type: string
description: The snapshot 2 of identity
example: '2009-03-01T13:00:00Z'
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: A list of events for the identity
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: the id of the access item
eventType:
type: string
enum:
- ADD
- REMOVE
displayName:
type: string
description: the display name of the access item
sourceName:
type: string
description: the source name of the access item
example:
id: 2c91808c7726345b017726a0a2fb013b
eventType: ADD
displayName: Test
sourceName: Source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{identityId}/synchronize-attributes':
post:
operationId: synchronizeAttributesForIdentity
tags:
- Identities
summary: Attribute synchronization for single identity.
description: This end-point performs attribute synchronization for a selected identity. The endpoint can be called once in 10 seconds per identity. A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: path
name: identityId
schema:
type: string
required: true
description: The Identity id
responses:
'202':
description: An Identity Sync job
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Job ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
status:
type: string
description: The job status.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: IN_PROGRESS
payload:
description: Job payload.
example:
type: SYNCHRONIZE_IDENTITY_ATTRIBUTES
dataJson: '{"identityId":"2c918083746f642c01746f990884012a"}'
type: object
properties:
type:
type: string
description: Payload type.
example: SYNCHRONIZE_IDENTITY_ATTRIBUTES
dataJson:
type: string
description: Payload type.
example: '{"identityId":"2c918083746f642c01746f990884012a"}'
required:
- type
- dataJson
required:
- id
- status
- payload
example:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3dfc
status: IN_PROGRESS
payload:
type: SYNCHRONIZE_IDENTITY_ATTRIBUTES
dataJson: '{"identityId":"2c918083746f642c01746f990884012a"}'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{identityId}/ownership':
get:
operationId: getIdentityOwnershipDetails
summary: Get ownership details
tags:
- Identities
description: |-
Use this API to return an identity's owned objects that will cause problems for deleting the identity.
Use this API as a checklist of objects that you need to reassign to a different identity before you can delete the identity.
For a full list of objects owned by an identity, use the [Search API](https://developer.sailpoint.com/docs/api/v3/search-post/). When you search for identities, the returned identities have a property, `owns`, that contains a more comprehensive list of identity's owned objects.
security:
- UserContextAuth:
- 'idn:identity:read'
parameters:
- in: path
name: identityId
schema:
type: string
required: true
description: Identity ID.
example: ff8081814d2a8036014d701f3fbf53fa
responses:
'200':
description: Identity's ownership association details.
content:
application/json:
schema:
type: object
properties:
associationDetails:
type: array
description: list of all the resource associations for the identity
items:
type: object
properties:
associationType:
type: string
description: association type with the identity
example: ROLE_OWNER
entities:
type: array
description: the specific resource this identity has ownership on
items:
type: object
properties:
identityEntity:
type: object
properties:
id:
type: string
description: id of the resource to which the identity is associated
example: 031034e97f094a4096c1be53f75f6b91
name:
type: string
description: name of the resource to which the identity is associated
example: Gaston.800ddf9640a
type:
type: string
description: type of the resource to which the identity is associated
example: CAMPAIGN_CAMPAIGNER
example:
id: b660a232f05b4e04812ca974b3011e0f
name: Gaston.800ddf9640a
type: ROLE
example:
associationDetails:
associationType: ROLE_OWNER
entities:
- id: b660a232f05b4e04812ca974b3011e0f
name: Gaston.800ddf9640a
type: ROLE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identities:
get:
operationId: listIdentities
tags:
- Identities
summary: List Identities
description: This API returns a list of identities.
security:
- UserContextAuth:
- 'idn:identity:read'
- 'idn:identity:manage'
parameters:
- in: query
name: filters
schema:
type: string
required: false
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**alias**: *eq, sw*
**firstname**: *eq, sw*
**lastname**: *eq, sw*
**email**: *eq, sw*
**cloudStatus**: *eq*
**processingState**: *eq*
**correlated**: *eq*
**protected**: *eq*
example: id eq "6c9079b270a266a60170a2779fcb0006" or correlated eq false
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, alias, cloudStatus**
example: 'name,-cloudStatus'
- in: query
name: defaultFilter
schema:
type: string
enum:
- CORRELATED_ONLY
- NONE
default: CORRELATED_ONLY
required: false
description: |-
Adds additional filter to filters query parameter.
CORRELATED_ONLY adds correlated=true and returns only identities that are correlated.
NONE does not add any and returns all identities that satisfy filters query parameter.
example: NONE
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
responses:
'200':
description: List of identities.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
title: IdentityDto
properties:
alias:
type: string
description: Alternate unique identifier for the identity
example: walter.white
emailAddress:
type: string
description: The email address of the identity
example: sender@example.com
nullable: true
processingState:
type: string
nullable: true
description: The processing state of the identity
enum:
- ERROR
- OK
- null
example: ERROR
identityStatus:
type: string
description: The identity's status in the system
enum:
- UNREGISTERED
- REGISTERED
- PENDING
- WARNING
- DISABLED
- ACTIVE
- DEACTIVATED
- TERMINATED
- ERROR
- LOCKED
example: LOCKED
managerRef:
type: object
description: Identity's manager.
nullable: true
properties:
type:
type: string
description: DTO type of identity's manager.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity's manager.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity's manager.
example: Robert Robinson
isManager:
type: boolean
description: Whether this identity is a manager of another identity
default: false
example: true
lastRefresh:
type: string
format: date-time
description: The last time the identity was refreshed by the system
example: '2020-11-22T15:42:31.123Z'
attributes:
type: object
description: A map with the identity attributes for the identity
example: '{"uid":"Walter White","firstname":"walter","cloudStatus":"UNREGISTERED","displayName":"Walter White","identificationNumber":"942","lastSyncDate":1470348809380,"email":"walter@gmail.com","lastname":"white"}'
lifecycleState:
allOf:
- type: object
properties:
stateName:
type: string
description: The name of the lifecycle state
example: active
manuallyUpdated:
type: boolean
description: Whether the lifecycle state has been manually or automatically set
example: true
required:
- stateName
- manuallyUpdated
- nullable: true
description: Lifecycle state details that include lifecycle state name and whether this lifecycle state has been set manually
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{id}':
get:
operationId: getIdentity
tags:
- Identities
summary: Identity Details
description: This API returns a single identity using the Identity ID.
security:
- UserContextAuth:
- 'idn:identity:read'
- 'idn:identity:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Identity Id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An identity object
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
title: IdentityDto
properties:
alias:
type: string
description: Alternate unique identifier for the identity
example: walter.white
emailAddress:
type: string
description: The email address of the identity
example: sender@example.com
nullable: true
processingState:
type: string
nullable: true
description: The processing state of the identity
enum:
- ERROR
- OK
- null
example: ERROR
identityStatus:
type: string
description: The identity's status in the system
enum:
- UNREGISTERED
- REGISTERED
- PENDING
- WARNING
- DISABLED
- ACTIVE
- DEACTIVATED
- TERMINATED
- ERROR
- LOCKED
example: LOCKED
managerRef:
type: object
description: Identity's manager.
nullable: true
properties:
type:
type: string
description: DTO type of identity's manager.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity's manager.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity's manager.
example: Robert Robinson
isManager:
type: boolean
description: Whether this identity is a manager of another identity
default: false
example: true
lastRefresh:
type: string
format: date-time
description: The last time the identity was refreshed by the system
example: '2020-11-22T15:42:31.123Z'
attributes:
type: object
description: A map with the identity attributes for the identity
example: '{"uid":"Walter White","firstname":"walter","cloudStatus":"UNREGISTERED","displayName":"Walter White","identificationNumber":"942","lastSyncDate":1470348809380,"email":"walter@gmail.com","lastname":"white"}'
lifecycleState:
allOf:
- type: object
properties:
stateName:
type: string
description: The name of the lifecycle state
example: active
manuallyUpdated:
type: boolean
description: Whether the lifecycle state has been manually or automatically set
example: true
required:
- stateName
- manuallyUpdated
- nullable: true
description: Lifecycle state details that include lifecycle state name and whether this lifecycle state has been set manually
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteIdentity
tags:
- Identities
summary: Delete identity
description: The API returns successful response if the requested identity was deleted.
security:
- UserContextAuth:
- 'idn:identity:delete'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Identity Id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request is invalid. It may indicate that the specified identity is marked as protected and cannot be deleted.
content:
application/json:
schema:
type: object
properties:
message:
type: string
description: any additional context information of the http call result
example: Identity cannot be deleted as it is owner of following resources
associationDetails:
type: array
description: list of all the resource associations for the identity
items:
type: object
properties:
associationType:
type: string
description: association type with the identity
example: CAMPAIGN_OWNER
entities:
type: array
description: the specific resource this identity has ownership on
items:
type: object
properties:
identityEntity:
type: object
properties:
id:
type: string
description: id of the resource to which the identity is associated
example: 031034e97f094a4096c1be53f75f6b91
name:
type: string
description: name of the resource to which the identity is associated
example: Gaston.800ddf9640a
type:
type: string
description: type of the resource to which the identity is associated
example: CAMPAIGN_CAMPAIGNER
example:
id: b660a232f05b4e04812ca974b3011e0f
name: Gaston.800ddf9640a
type: CAMPAIGN_CAMPAIGNER
example:
message: Identity is the owner of following resources
associationDetails:
associationType: CAMPAIGN_OWNER
entities:
- id: b660a232f05b4e04812ca974b3011e0f
name: Gaston.800ddf9640a
type: CAMPAIGN_CAMPAIGNER
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identities/invite:
post:
operationId: startIdentitiesInvite
tags:
- Identities
summary: Invite identities to register
description: |
This API submits a task for inviting given identities via email to complete registration. The invitation email will include the link. After selecting the link an identity will be able to set up password and log in into the system. Invitations expire after 7 days. By default invitations send to the work identity email. It can be changed in Admin > Identities > Identity Profiles by selecting corresponding profile and editing Invitation Options.
This task will send an invitation email only for unregistered identities.
The executed task status can be checked by Task Management > [Get task status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status)
A token with ORG_ADMIN or HELPDESK authority is required to call this API.
externalDocs:
description: Learn more about inviting identities here
url: 'https://documentation.sailpoint.com/saas/help/common/users/inviting_users.html'
security:
- UserContextAuth:
- 'idn:password-user-invite:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: The list of Identities IDs to invite - required when 'uninvited' is false
type: array
items:
type: string
nullable: true
example:
- 2b568c65bc3c4c57a43bd97e3a8e55
- 2c9180867769897d01776ed5f125512f
uninvited:
description: indicator (optional) to invite all unregistered identities in the system within a limit 1000. This parameter makes sense only when 'ids' is empty.
type: boolean
default: false
example: false
responses:
'202':
description: Responds with an initial TaskStatus for the executed task
content:
application/json:
schema:
description: Details and current status of a specific task
required:
- id
- type
- uniqueName
- description
- parentName
- attributes
- created
- modified
- launched
- launcher
- completed
- completionStatus
- messages
- progress
- percentComplete
- returns
type: object
properties:
id:
description: System-generated unique ID of the task this TaskStatus represents
type: string
example: id12345
type:
description: Type of task this TaskStatus represents
type: string
enum:
- QUARTZ
- QPOC
- QUEUED_TASK
example: QUARTZ
uniqueName:
description: Name of the task this TaskStatus represents
type: string
example: Big Task
description:
description: Description of the task this TaskStatus represents
type: string
example: A Really Big Task
parentName:
description: Name of the parent of the task this TaskStatus represents
nullable: true
type: string
example: Parent Task
launcher:
description: Service to execute the task this TaskStatus represents
type: string
example: sweep
target:
type: object
nullable: true
properties:
id:
description: Target ID
type: string
example: c6dc37bf508149b28ce5b7d90ca4bbf9
type:
description: Target type
type: string
nullable: true
enum:
- APPLICATION
- IDENTITY
- null
example: APPLICATION
name:
description: Target name
type: string
example: 'Active Directory [source]'
created:
description: Creation date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
modified:
description: Last modification date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
launched:
description: Launch date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completed:
description: Completion date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completionStatus:
description: Completion status of the task this TaskStatus represents
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMPERROR
- null
example: SUCCESS
messages:
description: Messages associated with the task this TaskStatus represents
type: array
items:
description: TaskStatus Message
required:
- key
- localizedText
- type
- parameters
type: object
properties:
type:
description: Type of the message
type: string
enum:
- INFO
- WARN
- ERROR
example: INFO
localizedText:
description: Localized form of the message
type: object
nullable: true
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
key:
description: Key of the message
type: string
example: akey
parameters:
description: Message parameters for internationalization
nullable: true
type: array
items:
type: object
example:
- name: value
returns:
description: Return values from the task this TaskStatus represents
type: array
items:
description: Task return details
required:
- name
- attributeName
type: object
properties:
name:
description: Display name of the TaskReturnDetails
type: string
example: label
attributeName:
description: Attribute the TaskReturnDetails is for
type: string
example: identityCount
attributes:
description: Attributes of the task this TaskStatus represents
type: object
additionalProperties: true
example:
identityCount: 0
progress:
description: Current progress of the task this TaskStatus represents
nullable: true
type: string
example: Started
percentComplete:
description: Current percentage completion of the task this TaskStatus represents
type: integer
example: 100
taskDefinitionSummary:
description: 'Definition of a type of task, used to invoke tasks'
required:
- arguments
- description
- executor
- id
- uniqueName
- parentName
type: object
properties:
id:
description: System-generated unique ID of the TaskDefinition
type: string
example: 2c91808475b4334b0175e1dff64b63c5
uniqueName:
description: Name of the TaskDefinition
type: string
example: Cloud Account Aggregation
description:
description: Description of the TaskDefinition
type: string
example: Aggregates from the specified application.
parentName:
description: Name of the parent of the TaskDefinition
type: string
example: Cloud Account Aggregation
executor:
description: Executor of the TaskDefinition
nullable: true
type: string
example: sailpoint.task.ServiceTaskExecutor
arguments:
description: 'Formal parameters of the TaskDefinition, without values'
type: object
additionalProperties: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{id}/verification/account/send':
post:
operationId: sendIdentityVerificationAccountToken
tags:
- Identities
summary: Send password reset email
description: |
This API sends an email with the link to start Password Reset. After selecting the link an identity will be able to set up a new password. Emails expire after 2 hours.
A token with ORG_ADMIN or HELPDESK authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-user-invite:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
sourceName:
description: The source name where identity account password should be reset
type: string
nullable: true
example: Active Directory Source
via:
description: The method to send notification
type: string
enum:
- EMAIL_WORK
- EMAIL_PERSONAL
- LINK_WORK
- LINK_PERSONAL
example: EMAIL_WORK
required:
- via
responses:
'200':
description: The email was successfully sent
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identities/process:
post:
operationId: startIdentityProcessing
tags:
- Identities
summary: Process a list of identityIds
description: |
This operation should not be used to schedule your own identity processing or to perform system wide identity refreshes. The system will use a combination of [event-based processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#event-based-processing) and [scheduled processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#scheduled-processing) that runs every day at 8:00 AM and 8:00 PM in the tenant's timezone to keep your identities synchronized.
This endpoint will perform the following tasks:
1. Calculate identity attributes, including applying or running any rules or transforms (e.g. calculate Lifecycle State at a point-in-time it's expected to change).
2. Evaluate role assignments, leading to assignment of new roles and removal of existing roles.
3. Enforce provisioning for any assigned accesses that haven't been fulfilled (e.g. failure due to source health).
4. Recalculate manager relationships.
5. Potentially clean-up identity processing errors, assuming the error has been resolved.
A token with ORG_ADMIN or HELPDESK authority is required to call this API.
externalDocs:
description: Learn more about manually processing identities here
url: 'https://documentation.sailpoint.com/saas/help/setup/identity_processing.html'
security:
- UserContextAuth:
- 'idn:identity:manage'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identityIds:
type: array
minItems: 1
maxItems: 250
description: List of up to 250 identity IDs to process.
items:
type: string
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Object containing the DTO type TASK_RESULT and the job id for the task
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: the type of response reference
example: TASK_RESULT
id:
type: string
description: the task ID
example: 78733556-9ea3-4f59-bf69-e5cd92b011b4
name:
type: string
description: 'the task name (not used in this endpoint, always null)'
example: 'null'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{id}/reset':
post:
operationId: resetIdentity
tags:
- Identities
summary: Reset an identity
description: Use this endpoint to reset a user's identity if they have forgotten their authentication information like their answers to knowledge-based questions. Resetting an identity de-registers the user and removes any elevated user levels they have.
security:
- UserContextAuth:
- 'idn:identity:update'
parameters:
- in: path
name: identityId
schema:
type: string
required: true
description: Identity Id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted. The reset request accepted and is in progress.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{identityId}/role-assignments':
get:
operationId: getRoleAssignments
tags:
- Identities
summary: List role assignments
description: 'This returns either a list of Role Assignments when querying with either a Role Id or Role Name, or a list of Role Assignment References if querying with only identity Id.'
security:
- UserContextAuth:
- 'idn:identity:read'
parameters:
- in: path
name: identityId
schema:
type: string
required: true
description: Identity Id to get the role assignments for
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: roleId
schema:
type: string
required: false
description: Role Id to filter the role assignments with
example: e7697a1e96d04db1ac7b0f4544915d2c
- in: query
name: roleName
schema:
type: string
required: false
description: Role name to filter the role assignments with
example: Engineer
responses:
'200':
description: A role assignment object
content:
application/json:
schema:
type: array
items:
anyOf:
- type: object
properties:
id:
type: string
description: Assignment Id
example: 1cbb0705b38c4226b1334eadd8874086
role:
description: Role Id and Name related to this assignment
example:
id: e7697a1e96d04db1ac7b0f4544915d2c
type: ROLE
name: Engineer
type: object
properties:
id:
type: string
description: the application ID
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: the application name
example: Github
- type: object
properties:
id:
type: string
description: Assignment Id
example: 1cbb0705b38c4226b1334eadd8874086
role:
description: Role Id and Name related to this assignment
example:
id: e7697a1e96d04db1ac7b0f4544915d2c
type: ROLE
name: Engineer
type: object
properties:
id:
type: string
description: the application ID
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: the application name
example: Github
comments:
type: string
description: Comments added by the user when the assignment was made
example: I'm a new Engineer and need this role to do my work
assignmentSource:
type: string
description: Source describing how this assignment was made
example: UI
assigner:
description: The identity that performed the assignment. This could be blank or system
example:
id: 2c9180867c184ff6017c2a2fbf031666
type: IDENTITY
name: Jeff Richardson
type: object
properties:
id:
type: string
description: the application ID
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: the application name
example: Github
assignedDimensions:
type: array
description: Dimensions assigned related to this role
example:
- id: 1acc8ffe5fcf457090de28bee2af36ee
type: DIMENSION
name: Northeast region
items:
type: object
properties:
id:
type: string
description: the application ID
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: the application name
example: Github
assignmentContext:
description: The context around the role assignment
example:
requested:
contextAttributes:
- attribute: department
value: Engineering
derived: false
matched:
- id: e7697a1e96d04db1ac7b0f4544915d2c
type: DIMENSION
name: Engineer
computedDate: 'Wed Feb 14 10:58:42'
type: object
properties:
requested:
type: object
properties:
contextAttributes:
type: array
items:
type: object
properties:
attribute:
type: string
description: The name of the attribute
example: location
value:
oneOf:
- type: string
example: Austin
- type: array
items:
type: string
example:
- Austin
- Houston
- Dallas
description: The value of the attribute. This can be either a string or a multi-valued string
example: Austin
derived:
type: boolean
description: True if the attribute was derived.
default: false
example: false
matched:
type: array
items:
type: object
properties:
roleRef:
description: Role Id and Name related to this match
example:
id: e7697a1e96d04db1ac7b0f4544915d2c
type: DIMENSION
name: Engineer
type: object
properties:
id:
type: string
description: the application ID
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: the application name
example: Github
matchedAttributes:
type: array
items:
type: object
properties:
attribute:
type: string
description: The name of the attribute
example: location
value:
oneOf:
- type: string
example: Austin
- type: array
items:
type: string
example:
- Austin
- Houston
- Dallas
description: The value of the attribute. This can be either a string or a multi-valued string
example: Austin
derived:
type: boolean
description: True if the attribute was derived.
default: false
example: false
computedDate:
type: string
description: Date that the assignment will was evaluated
example: 'Wed Feb 14 10:58:42'
accountTargets:
type: array
items:
type: object
properties:
source:
description: Source Id and Name related to this assignment
example:
id: d18b74853739439986501ad180b27db6
type: SOURCE
name: Active Directory
type: object
properties:
id:
type: string
description: the application ID
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: the application name
example: Github
accountInfo:
type: object
properties:
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
displayName:
type: string
description: Display name for this account
example: Abby.Smith
uuid:
type: string
description: UUID associated with this account
example: '{ad9fc391-246d-40af-b248-b6556a2b7c01}'
roleName:
type: string
description: Specific role name for this target if using multiple accounts
example: Marketing
removeDate:
type: string
description: Date that the assignment will be removed
example: 'Wed Feb 14 10:58:42'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{identityId}/role-assignments/{assignmentId}':
get:
operationId: getRoleAssignment
tags:
- Identities
summary: Role assignment details
security:
- UserContextAuth:
- 'idn:identity:read'
parameters:
- in: path
name: identityId
schema:
type: string
required: true
description: Identity Id
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: assignmentId
schema:
type: string
required: true
description: Assignment Id
example: 1cbb0705b38c4226b1334eadd8874086
responses:
'200':
description: A role assignment object
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Assignment Id
example: 1cbb0705b38c4226b1334eadd8874086
role:
description: Role Id and Name related to this assignment
example:
id: e7697a1e96d04db1ac7b0f4544915d2c
type: ROLE
name: Engineer
type: object
properties:
id:
type: string
description: the application ID
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: the application name
example: Github
comments:
type: string
description: Comments added by the user when the assignment was made
example: I'm a new Engineer and need this role to do my work
assignmentSource:
type: string
description: Source describing how this assignment was made
example: UI
assigner:
description: The identity that performed the assignment. This could be blank or system
example:
id: 2c9180867c184ff6017c2a2fbf031666
type: IDENTITY
name: Jeff Richardson
type: object
properties:
id:
type: string
description: the application ID
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: the application name
example: Github
assignedDimensions:
type: array
description: Dimensions assigned related to this role
example:
- id: 1acc8ffe5fcf457090de28bee2af36ee
type: DIMENSION
name: Northeast region
items:
type: object
properties:
id:
type: string
description: the application ID
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: the application name
example: Github
assignmentContext:
description: The context around the role assignment
example:
requested:
contextAttributes:
- attribute: department
value: Engineering
derived: false
matched:
- id: e7697a1e96d04db1ac7b0f4544915d2c
type: DIMENSION
name: Engineer
computedDate: 'Wed Feb 14 10:58:42'
type: object
properties:
requested:
type: object
properties:
contextAttributes:
type: array
items:
type: object
properties:
attribute:
type: string
description: The name of the attribute
example: location
value:
oneOf:
- type: string
example: Austin
- type: array
items:
type: string
example:
- Austin
- Houston
- Dallas
description: The value of the attribute. This can be either a string or a multi-valued string
example: Austin
derived:
type: boolean
description: True if the attribute was derived.
default: false
example: false
matched:
type: array
items:
type: object
properties:
roleRef:
description: Role Id and Name related to this match
example:
id: e7697a1e96d04db1ac7b0f4544915d2c
type: DIMENSION
name: Engineer
type: object
properties:
id:
type: string
description: the application ID
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: the application name
example: Github
matchedAttributes:
type: array
items:
type: object
properties:
attribute:
type: string
description: The name of the attribute
example: location
value:
oneOf:
- type: string
example: Austin
- type: array
items:
type: string
example:
- Austin
- Houston
- Dallas
description: The value of the attribute. This can be either a string or a multi-valued string
example: Austin
derived:
type: boolean
description: True if the attribute was derived.
default: false
example: false
computedDate:
type: string
description: Date that the assignment will was evaluated
example: 'Wed Feb 14 10:58:42'
accountTargets:
type: array
items:
type: object
properties:
source:
description: Source Id and Name related to this assignment
example:
id: d18b74853739439986501ad180b27db6
type: SOURCE
name: Active Directory
type: object
properties:
id:
type: string
description: the application ID
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: the application name
example: Github
accountInfo:
type: object
properties:
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
displayName:
type: string
description: Display name for this account
example: Abby.Smith
uuid:
type: string
description: UUID associated with this account
example: '{ad9fc391-246d-40af-b248-b6556a2b7c01}'
roleName:
type: string
description: Specific role name for this target if using multiple accounts
example: Marketing
removeDate:
type: string
description: Date that the assignment will be removed
example: 'Wed Feb 14 10:58:42'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identity-attributes:
get:
operationId: listIdentityAttributes
tags:
- Identity Attributes
summary: List Identity Attributes
description: Use this API to get a collection of identity attributes.
security:
- UserContextAuth:
- 'idn:identity-profile-attribute:read'
parameters:
- in: query
name: includeSystem
schema:
type: boolean
default: false
description: Include 'system' attributes in the response.
required: false
example: false
- in: query
name: includeSilent
schema:
type: boolean
default: false
description: Include 'silent' attributes in the response.
required: false
example: false
- in: query
name: searchableOnly
schema:
type: boolean
default: false
description: Include only 'searchable' attributes in the response.
required: false
example: false
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of identity attributes.
content:
application/json:
schema:
type: array
items:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createIdentityAttribute
tags:
- Identity Attributes
summary: Create Identity Attribute
description: Use this API to create a new identity attribute. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:identity-profile-attribute:manage'
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
responses:
'201':
description: The identity attribute was created successfully.
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identity-attributes/{name}':
get:
operationId: getIdentityAttribute
tags:
- Identity Attributes
summary: Get Identity Attribute
description: This gets an identity attribute for a given technical name.
security:
- UserContextAuth:
- 'idn:identity-profile-attribute:read'
parameters:
- in: path
name: name
schema:
type: string
description: The attribute's technical name.
required: true
example: displayName
responses:
'200':
description: The identity attribute with the given name
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putIdentityAttribute
tags:
- Identity Attributes
summary: Update Identity Attribute
description: 'This updates an existing identity attribute. Making an attribute searchable requires that the `system`, `standard`, and `multi` properties be set to false. A token with ORG_ADMIN authority is required to call this API.'
security:
- UserContextAuth:
- 'idn:identity-profile-attribute:manage'
parameters:
- in: path
name: name
schema:
type: string
description: The attribute's technical name.
required: true
example: displayName
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
responses:
'200':
description: The identity attribute was updated successfully
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteIdentityAttribute
tags:
- Identity Attributes
summary: Delete Identity Attribute
description: This deletes an identity attribute with the given name. The `system` and `standard` properties must be set to false before you can delete an identity attribute. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:identity-profile-attribute:manage'
parameters:
- in: path
name: name
schema:
type: string
description: The attribute's technical name.
required: true
example: displayName
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identity-attributes/bulk-delete:
delete:
operationId: deleteIdentityAttributesInBulk
tags:
- Identity Attributes
summary: Bulk delete Identity Attributes
description: Use this API to bulk delete identity attributes for a given set of names. Attributes that are currently mapped in an identity profile cannot be deleted. The `system` and `standard` properties must be set to 'false' before you can delete an identity attribute. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:identity-profile-attribute:manage'
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Identity attribute IDs.
properties:
ids:
description: List of identity attributes' technical names.
type: array
items:
type: string
example: name
example:
- name
- displayName
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identity-profiles:
get:
operationId: listIdentityProfiles
tags:
- Identity Profiles
summary: Identity Profiles list
description: |-
This returns a list of Identity Profiles based on the specified query parameters.
A token with ORG_ADMIN or API authority is required to call this API to get a list of Identity Profiles.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, ne, ge, gt, in, le, lt, isnull, sw*
**name**: *eq, ne, in, le, lt, isnull, sw*
**priority**: *eq, ne*
example: id eq 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, priority, created, modified, owner.id, owner.name**
example: 'name,-priority'
responses:
'200':
description: List of identityProfiles.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
required:
- authoritativeSource
properties:
description:
type: string
nullable: true
description: The description of the Identity Profile.
example: My custom flat file profile
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
description: The authoritative source for this Identity Profile.
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
properties:
enabled:
type: boolean
description: If the profile or mapping is enabled
example: true
default: true
attributeTransforms:
type: array
items:
type: object
properties:
identityAttributeName:
type: string
description: Name of the identity attribute
example: email
transformDefinition:
description: The seaspray transformation definition
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
nullable: true
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result
example: 2c918086795cd09201795d5f7d7533df
reportName:
type: string
example: My annual report
description: The name of the report
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: true
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:read'
- 'idn:identity-profile:manage'
post:
operationId: createIdentityProfile
summary: Create an Identity Profile
description: |-
This creates an Identity Profile
A token with ORG_ADMIN authority is required to call this API to create an Identity Profile.
tags:
- Identity Profiles
requestBody:
required: true
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
required:
- authoritativeSource
properties:
description:
type: string
nullable: true
description: The description of the Identity Profile.
example: My custom flat file profile
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
description: The authoritative source for this Identity Profile.
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
properties:
enabled:
type: boolean
description: If the profile or mapping is enabled
example: true
default: true
attributeTransforms:
type: array
items:
type: object
properties:
identityAttributeName:
type: string
description: Name of the identity attribute
example: email
transformDefinition:
description: The seaspray transformation definition
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
nullable: true
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result
example: 2c918086795cd09201795d5f7d7533df
reportName:
type: string
example: My annual report
description: The name of the report
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: true
example: true
responses:
'201':
description: The created Identity Profile
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
required:
- authoritativeSource
properties:
description:
type: string
nullable: true
description: The description of the Identity Profile.
example: My custom flat file profile
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
description: The authoritative source for this Identity Profile.
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
properties:
enabled:
type: boolean
description: If the profile or mapping is enabled
example: true
default: true
attributeTransforms:
type: array
items:
type: object
properties:
identityAttributeName:
type: string
description: Name of the identity attribute
example: email
transformDefinition:
description: The seaspray transformation definition
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
nullable: true
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result
example: 2c918086795cd09201795d5f7d7533df
reportName:
type: string
example: My annual report
description: The name of the report
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: true
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:manage'
/identity-profiles/bulk-delete:
post:
operationId: deleteIdentityProfiles
tags:
- Identity Profiles
summary: Delete Identity Profiles
description: |-
This deletes multiple Identity Profiles via a list of supplied IDs.
On success, this endpoint will return a reference to the bulk delete task result.
A token with ORG_ADMIN authority is required to call this API.
The following rights are required to access this endpoint: idn:identity-profile:delete
requestBody:
description: Identity Profile bulk delete request body.
required: true
content:
application/json:
schema:
description: List of Identity Profile IDs to delete.
type: array
items:
type: string
example:
- 2c9180867b2a34e0017b3078d60b0699
- 2c9180867b2a34e0017b3078d60b0698
responses:
'202':
description: Accepted - Returns a TaskResult object referencing the bulk delete job created.
content:
application/json:
schema:
description: An object with a TaskResult reference of the bulk delete job
type: object
properties:
id:
type: string
description: Task identifier
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: Task name
example: Background Object Terminator c8f030f2-b1a6-4e33-99e8-6935bc18735d
description:
type: string
description: Task description
example: 'Generic task for terminating data in the overlay, used by the TerminationService.'
launcher:
type: string
description: User or process who launched the task
example: support
completed:
type: string
format: date-time
description: Date time of completion
example: 'Mon Aug 21 14:57:39 CDT 2023'
launched:
type: string
format: date-time
description: Date time when the task was launched
example: 'Mon Aug 21 14:55:39 CDT 2023'
completionStatus:
type: string
enum:
- Success
- Warning
- Error
- Terminated
- TempError
description: Task result status
example: Success
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:delete'
/identity-profiles/export:
get:
operationId: exportIdentityProfiles
tags:
- Identity Profiles
summary: Export Identity Profiles
description: This exports existing identity profiles in the format specified by the sp-config service.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, ne*
**name**: *eq, ne*
**priority**: *eq, ne*
example: id eq 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, priority**
example: 'name,-priority'
responses:
'200':
description: List of export objects with identity profiles.
content:
application/json:
schema:
type: array
items:
type: object
description: Identity Profile exported object
properties:
version:
type: integer
example: 1
description: Version or object from the target service.
self:
type: object
description: Self block for imported/exported object.
properties:
type:
type: string
description: 'Imported/exported object''s DTO type. Import is currently only possible with the IDENTITY_OBJECT_CONFIG, IDENTITY_PROFILE, RULE, SOURCE, TRANSFORM, and TRIGGER_SUBSCRIPTION object types.'
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
id:
type: string
description: Imported/exported object's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Imported/exported object's display name.
example: HR Active Directory
object:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: The description of the Identity Profile.
example: My custom flat file profile
nullable: true
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: The backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Defines a transformation definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Name of the identity attribute.
example: email
transformDefinition:
description: The seaspray transformation definition.
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
additionalProperties:
anyOf:
- type: string
- type: object
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: The name of the report.
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:read'
- 'idn:identity-profile:manage'
/identity-profiles/import:
post:
operationId: importIdentityProfiles
summary: Import Identity Profiles
description: This imports previously exported identity profiles.
tags:
- Identity Profiles
requestBody:
description: Previously exported Identity Profiles.
required: true
content:
application/json:
schema:
type: array
items:
type: object
description: Identity Profile exported object
properties:
version:
type: integer
example: 1
description: Version or object from the target service.
self:
type: object
description: Self block for imported/exported object.
properties:
type:
type: string
description: 'Imported/exported object''s DTO type. Import is currently only possible with the IDENTITY_OBJECT_CONFIG, IDENTITY_PROFILE, RULE, SOURCE, TRANSFORM, and TRIGGER_SUBSCRIPTION object types.'
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
id:
type: string
description: Imported/exported object's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Imported/exported object's display name.
example: HR Active Directory
object:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: The description of the Identity Profile.
example: My custom flat file profile
nullable: true
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: The backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Defines a transformation definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Name of the identity attribute.
example: email
transformDefinition:
description: The seaspray transformation definition.
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
additionalProperties:
anyOf:
- type: string
- type: object
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: The name of the report.
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: false
example: true
responses:
'200':
description: The result of importing Identity Profiles.
content:
application/json:
schema:
type: object
title: Import Object Response Body
description: Response model for import of a single object.
properties:
infos:
description: Informational messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties:
type: object
example:
details: message details
required:
- key
- text
- details
warnings:
description: Warning messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties:
type: object
example:
details: message details
required:
- key
- text
- details
errors:
description: Error messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties:
type: object
example:
details: message details
required:
- key
- text
- details
importedObjects:
description: References to objects that were created or updated by the import.
type: array
items:
type: object
description: Object created or updated by import.
properties:
type:
type: string
description: DTO type of object created or updated by import.
enum:
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- RULE
- SOURCE
- TRANSFORM
- TRIGGER_SUBSCRIPTION
example: SOURCE
id:
type: string
description: ID of object created or updated by import.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Display name of object created or updated by import.
example: HR Active Directory
required:
- infos
- warnings
- errors
- importedObjects
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:manage'
/identity-profiles/identity-preview:
post:
operationId: generateIdentityPreview
tags:
- Identity Profiles
summary: Generate Identity Profile Preview
description: |-
Use this API to generate a non-persisted `IdentityDetails` object that represents a preview of the identity attributes with a specified policy's attribute config applied.
This API supports the `accountAttribute`, `rule`, and `reference` transform types.
A token with ORG_ADMIN authority is required to call this API to generate an identity preview.
requestBody:
description: Identity Preview request body.
required: true
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: uuid
example: 2c9180857893f12901789445619b0366
identityAttributeConfig:
type: object
properties:
enabled:
type: boolean
description: If the profile or mapping is enabled
example: true
default: true
attributeTransforms:
type: array
items:
type: object
properties:
identityAttributeName:
type: string
description: Name of the identity attribute
example: email
transformDefinition:
description: The seaspray transformation definition
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
nullable: true
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
responses:
'200':
description: Object representing the preview object with all of the identity attributes using the current mappings.
content:
application/json:
schema:
type: object
properties:
identity:
type: object
description: Identity's manager.
properties:
type:
type: string
description: DTO type of identity's manager.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity's manager.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity's manager.
example: Robert Robinson
previewAttributes:
type: array
items:
type: object
properties:
name:
type: string
description: Name of the attribute that is being previewed.
example: email
value:
type: string
description: Value that was derived during the preview.
example: email@mail.com
previousValue:
type: string
description: The value of the attribute before the preview.
example: oldEmail@mail.com
errorMessages:
description: A list of errors that may have been encountered
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:manage'
'/identity-profiles/{identity-profile-id}':
get:
operationId: getIdentityProfile
tags:
- Identity Profiles
summary: Gets a single Identity Profile
description: |-
This returns a single Identity Profile based on ID.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
description: The Identity Profile ID
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An Identity Profile object
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
required:
- authoritativeSource
properties:
description:
type: string
nullable: true
description: The description of the Identity Profile.
example: My custom flat file profile
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
description: The authoritative source for this Identity Profile.
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
properties:
enabled:
type: boolean
description: If the profile or mapping is enabled
example: true
default: true
attributeTransforms:
type: array
items:
type: object
properties:
identityAttributeName:
type: string
description: Name of the identity attribute
example: email
transformDefinition:
description: The seaspray transformation definition
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
nullable: true
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result
example: 2c918086795cd09201795d5f7d7533df
reportName:
type: string
example: My annual report
description: The name of the report
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: true
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:read'
- 'idn:identity-profile:manage'
delete:
operationId: deleteIdentityProfile
tags:
- Identity Profiles
summary: Delete an Identity Profile
description: |-
This deletes an Identity Profile based on ID.
On success, this endpoint will return a reference to the bulk delete task result.
A token with ORG_ADMIN authority is required to call this API.
The following rights are required to access this endpoint: idn:identity-profile:delete
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
description: The Identity Profile ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted - Returns a TaskResult object referencing the bulk delete job created.
content:
application/json:
schema:
description: An object with a TaskResult reference of the delete job.
type: object
properties:
id:
type: string
description: Task identifier
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: Task name
example: Background Object Terminator c8f030f2-b1a6-4e33-99e8-6935bc18735d
description:
type: string
description: Task description
example: 'Generic task for terminating data in the overlay, used by the TerminationService.'
launcher:
type: string
description: User or process who launched the task
example: support
completed:
type: string
format: date-time
description: Date time of completion
example: 'Mon Aug 21 14:57:39 CDT 2023'
launched:
type: string
format: date-time
description: Date time when the task was launched
example: 'Mon Aug 21 14:55:39 CDT 2023'
completionStatus:
type: string
enum:
- Success
- Warning
- Error
- Terminated
- TempError
description: Task result status
example: Success
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:delete'
patch:
operationId: updateIdentityProfile
tags:
- Identity Profiles
summary: Update the Identity Profile
description: |-
This updates the specified Identity Profile.
A token with ORG_ADMIN authority is required to call this API to update the Identity Profile. Some fields of the Schema cannot be updated. These fields are listed below.
* id
* name
* created
* modified
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
description: The Identity Profile ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: 'A list of Identity Profile update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
add-attribute-transform:
summary: Add an attribute transform
value:
- op: add
path: /identityAttributeConfig/attributeTransforms/0
value:
identityAttributeName: location
transformDefinition:
type: accountAttribute
attributes:
sourceName: Employees
attributeName: location
sourceId: 2c91808878b7d63b0178c66ffcdc4ce4
responses:
'200':
description: The updated Identity Profile.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
required:
- authoritativeSource
properties:
description:
type: string
nullable: true
description: The description of the Identity Profile.
example: My custom flat file profile
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
description: The authoritative source for this Identity Profile.
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
properties:
enabled:
type: boolean
description: If the profile or mapping is enabled
example: true
default: true
attributeTransforms:
type: array
items:
type: object
properties:
identityAttributeName:
type: string
description: Name of the identity attribute
example: email
transformDefinition:
description: The seaspray transformation definition
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
nullable: true
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result
example: 2c918086795cd09201795d5f7d7533df
reportName:
type: string
example: My annual report
description: The name of the report
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: true
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:manage'
'/identity-profiles/{identity-profile-id}/default-identity-attribute-config':
get:
operationId: getDefaultIdentityAttributeConfig
tags:
- Identity Profiles
summary: Default identity attribute config
description: |-
This returns the default identity attribute config
A token with ORG_ADMIN authority is required to call this API to get the default identity attribute config.
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
description: The Identity Profile ID
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An Identity Attribute Config object
content:
application/json:
schema:
type: object
properties:
enabled:
type: boolean
description: If the profile or mapping is enabled
example: true
default: true
attributeTransforms:
type: array
items:
type: object
properties:
identityAttributeName:
type: string
description: Name of the identity attribute
example: email
transformDefinition:
description: The seaspray transformation definition
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
nullable: true
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:manage'
'/identity-profiles/{identity-profile-id}/process-identities':
post:
operationId: syncIdentityProfile
tags:
- Identity Profiles
summary: Process identities under profile
description: |-
Process identities under the profile
This operation should not be used to schedule your own identity processing or to perform system wide identity refreshes. The system will use a combination of [event-based processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#event-based-processing) and [scheduled processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#scheduled-processing) that runs every day at 8:00 AM and 8:00 PM in the tenant's timezone to keep your identities synchronized.
This should only be run on identity profiles that have the `identityRefreshRequired` attribute set to `true`. If `identityRefreshRequired` is false, then there is no benefit to running this operation. Typically, this operation is performed when a change is made to the identity profile or its related lifecycle states that requires a refresh.
This operation will perform the following activities on all identities under the identity profile.
1. Updates identity attribute according to the identity profile mappings. 2. Determines the identity's correct manager through manager correlation. 3. Updates the identity's access according to their assigned lifecycle state. 4. Updates the identity's access based on role assignment criteria.
A token with ORG_ADMIN authority is required to call this API.
externalDocs:
description: Learn more about manually processing identities here
url: 'https://documentation.sailpoint.com/saas/help/setup/identity_processing.html'
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
description: The Identity Profile ID to be processed
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted status after refresh has launched
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:read'
- 'idn:identity-profile:manage'
'/identity-profiles/{identity-profile-id}/lifecycle-states/{lifecycle-state-id}':
get:
operationId: getLifecycleStates
tags:
- Lifecycle States
summary: Get Lifecycle State
description: |
Use this endpoint to get a lifecycle state by its ID and its associated identity profile ID.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: path
name: identity-profile-id
description: Identity Profile ID.
required: true
schema:
type: string
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
- in: path
name: lifecycle-state-id
description: Lifecycle State ID.
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Requested lifecycle state.
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
example: 2c9180835d2e5168015d32f890ca1581
description: Lifecycle state ID.
name:
type: string
readOnly: true
example: Lifecycle Name
description: Lifecycle state name.
technicalName:
type: string
readOnly: true
example: lifecycleTechnicalName
description: Lifecycle state technical name. This is for internal use.
description:
type: string
example: LifecycleDescription
description: Lifecycle state description.
created:
type: string
readOnly: true
format: date-time
example: 2015-05-28T14:07:17.000Z
description: Lifecycle state created date.
modified:
type: string
readOnly: true
format: date-time
example: 2015-05-28T14:07:17.000Z
description: Lifecycle state modified date.
enabled:
type: boolean
default: false
example: true
description: Indicates whether the lifecycle state is enabled or disabled.
identityCount:
type: integer
format: int32
readOnly: true
example: 12
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
properties:
notifyManagers:
type: boolean
default: false
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
default: false
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
default: false
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
properties:
action:
type: string
example: ENABLE
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
example: 2c918084660f45d6016617daa9210584
description: Source Id
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of access-profile IDs that are associated with the lifecycle state.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateLifecycleStates
tags:
- Lifecycle States
summary: Update Lifecycle State
description: |
Use this endpoint to update individual lifecycle state fields, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: path
name: identity-profile-id
description: Identity Profile ID.
required: true
schema:
type: string
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
- in: path
name: lifecycle-state-id
description: Lifecycle State ID.
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of lifecycle state update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields can be updated:
* enabled
* description
* accountActions
* accessProfileIds
* emailNotificationOption
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /description
value: Updated description!
- op: replace
path: /accessProfileIds
value:
- 2c918087742bab150174407a80f3125e
- 2c918087742bab150174407a80f3124f
- op: replace
path: /accountActions
value:
- action: ENABLE
sourceIds:
- 2c9180846a2f82fb016a481c1b1560c5
- 2c9180846a2f82fb016a481c1b1560cc
- action: DISABLE
sourceIds:
- 2c91808869a0c9980169a207258513fb
- op: replace
path: /emailNotificationOption
value:
notifyManagers: true
notifyAllAdmins: false
notifySpecificUsers: false
emailAddressList: []
responses:
'200':
description: Updated lifecycle state.
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
example: 2c9180835d2e5168015d32f890ca1581
description: Lifecycle state ID.
name:
type: string
readOnly: true
example: Lifecycle Name
description: Lifecycle state name.
technicalName:
type: string
readOnly: true
example: lifecycleTechnicalName
description: Lifecycle state technical name. This is for internal use.
description:
type: string
example: LifecycleDescription
description: Lifecycle state description.
created:
type: string
readOnly: true
format: date-time
example: 2015-05-28T14:07:17.000Z
description: Lifecycle state created date.
modified:
type: string
readOnly: true
format: date-time
example: 2015-05-28T14:07:17.000Z
description: Lifecycle state modified date.
enabled:
type: boolean
default: false
example: true
description: Indicates whether the lifecycle state is enabled or disabled.
identityCount:
type: integer
format: int32
readOnly: true
example: 12
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
properties:
notifyManagers:
type: boolean
default: false
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
default: false
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
default: false
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
properties:
action:
type: string
example: ENABLE
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
example: 2c918084660f45d6016617daa9210584
description: Source Id
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of access-profile IDs that are associated with the lifecycle state.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-records:
post:
operationId: createNonEmployeeRecord
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Record
description: |-
This request will create a non-employee record.
Request will require the following security scope:
'idn:nesr:create'
requestBody:
description: Non-Employee record creation request body.
required: true
content:
application/json:
schema:
type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
required:
- accountName
- firstName
- lastName
- email
- phone
- manager
- sourceId
- startDate
- endDate
responses:
'200':
description: Created non-employee record.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
accountName:
type: string
description: Requested identity account name.
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listNonEmployeeRecords
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: List Non-Employee Records
description: This gets a list of non-employee records.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
required: false
name: sorters
schema:
type: string
format: comma-separated
example: 'accountName,sourceId'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**
- in: query
name: filters
required: false
schema:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**sourceId**: *eq*
responses:
'200':
description: Non-Employee record objects
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
accountName:
type: string
description: Requested identity account name.
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-records/{id}':
get:
operationId: getNonEmployeeRecord
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Record
description: This gets a non-employee record.
parameters:
- in: path
name: id
description: Non-Employee record id (UUID)
required: true
example: 2c91808b6ef1d43e016efba0ce470904
schema:
type: string
responses:
'200':
description: Non-Employee record object
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
accountName:
type: string
description: Requested identity account name.
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: updateNonEmployeeRecord
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Update Non-Employee Record
description: This request will update a non-employee record.
parameters:
- in: path
name: id
description: Non-employee record id (UUID)
required: true
example: 2c91808b6ef1d43e016efba0ce470904
schema:
type: string
requestBody:
description: Non-employee record creation request body. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.
required: true
content:
application/json:
schema:
type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
required:
- accountName
- firstName
- lastName
- email
- phone
- manager
- sourceId
- startDate
- endDate
responses:
'200':
description: An updated non-employee record.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
accountName:
type: string
description: Requested identity account name.
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchNonEmployeeRecord
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Patch Non-Employee Record
description: This request will patch a non-employee record.
parameters:
- in: path
name: id
description: Non-employee record id (UUID)
required: true
example: 2c91808b6ef1d43e016efba0ce470904
schema:
type: string
requestBody:
description: 'A list of non-employee update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.'
required: true
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /endDate
value:
'2019-08-23T18:40:35.772Z': null
responses:
'200':
description: A patched non-employee record.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
accountName:
type: string
description: Requested identity account name.
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeRecord
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Record
description: This request will delete a non-employee record.
parameters:
- in: path
name: id
description: Non-Employee record id (UUID)
required: true
example: 2c91808b6ef1d43e016efba0ce470904
schema:
type: string
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-records/bulk-delete:
post:
operationId: deleteNonEmployeeRecordInBulk
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Delete Multiple Non-Employee Records
description: |-
This request will delete multiple non-employee records based on the non-employee ids provided.
Request will require the following scope:
'idn:nesr:delete'
requestBody:
description: Non-Employee bulk delete request body.
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: List of non-employee ids.
type: array
items:
type: string
format: uuid
required:
- ids
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-requests:
post:
operationId: createNonEmployeeRequest
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Request
description: This request will create a non-employee request and notify the approver
requestBody:
description: Non-Employee creation request body
required: true
content:
application/json:
schema:
type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
required:
- accountName
- firstName
- lastName
- email
- phone
- manager
- sourceId
- startDate
- endDate
responses:
'200':
description: Non-Employee request creation object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
approvalItems:
description: List of approval item for the request
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
approvalOrder:
type: number
description: Approval order
example: 1
comment:
type: string
description: comment of approver
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
comment:
type: string
description: comment of requester
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
400.1 Bad Request Content:
description: Response for bad request content
value:
detailCode: 400.1 Bad Request Content
trackingId: e7eab60924f64aa284175b9fa3309599
messages:
- locale: en
localeOrigin: REQUEST
text: firstName is required; accountName is required;
400.1.409 Reference conflict:
description: Response for reference conflict
value:
detailCode: 400.1.409 Reference conflict
trackingId: e7eab60924f64aa284175b9fa3309599
messages:
- locale: en
localeOrigin: REQUEST
text: Unable to create Non-Employee because the accountName "existed" is already being used.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listNonEmployeeRequests
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: List Non-Employee Requests
description: This gets a list of non-employee requests.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: requested-for
required: true
schema:
type: string
example: me
description: The identity for whom the request was made. *me* indicates the current user.
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'approvalStatus,firstName'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**
- in: query
name: filters
required: false
schema:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**sourceId**: *eq*
responses:
'200':
description: List of non-employee request objects.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
approvalItems:
description: List of approval item for the request
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
approvalOrder:
type: number
description: Approval order
example: 1
comment:
type: string
description: comment of approver
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
comment:
type: string
description: comment of requester
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-requests/{id}':
get:
operationId: getNonEmployeeRequest
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Request
description: This gets a non-employee request.
parameters:
- in: path
name: id
example: 2c91808b6ef1d43e016efba0ce470904
description: Non-Employee request id (UUID)
required: true
schema:
type: string
responses:
'200':
description: Non-Employee request object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
approvalItems:
description: List of approval item for the request
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
approvalOrder:
type: number
description: Approval order
example: 1
comment:
type: string
description: comment of approver
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
comment:
type: string
description: comment of requester
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeRequest
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Request
description: This request will delete a non-employee request.
parameters:
- in: path
name: id
description: Non-Employee request id in the UUID format
required: true
example: 2c91808b6ef1d43e016efba0ce470904
schema:
type: string
format: uuid
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-requests/summary/{requested-for}':
get:
operationId: getNonEmployeeRequestSummary
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Requests
description: 'This request will retrieve a summary of non-employee requests. There are two contextual uses for the `requested-for` path parameter: 1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager''s id. 2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages.'
parameters:
- in: path
example: ac10d20a-841e-1e7d-8184-32d2e22c0179
name: requested-for
description: The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user.
required: true
schema:
type: string
format: uuid (if user is Org Admin)
responses:
'200':
description: Non-Employee request summary object.
content:
application/json:
schema:
type: object
properties:
approved:
type: number
description: The number of approved non-employee requests on all sources that *requested-for* user manages.
rejected:
type: number
description: The number of rejected non-employee requests on all sources that *requested-for* user manages.
pending:
type: number
description: The number of pending non-employee requests on all sources that *requested-for* user manages.
nonEmployeeCount:
type: number
description: The number of non-employee records on all sources that *requested-for* user manages.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-sources:
post:
operationId: createNonEmployeeSource
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Source
description: |-
This request will create a non-employee source.
Request will require the following security scope:
'idn:nesr:create'
requestBody:
description: Non-Employee source creation request body.
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Name of non-employee source.
example: Retail
description:
type: string
description: Description of non-employee source.
example: Source description
owner:
description: Owner of non-employee source.
type: object
properties:
id:
type: string
format: UUID
description: Identity id.
example: 2c91808570313110017040b06f344ec9
required:
- id
managementWorkgroup:
type: string
description: The ID for the management workgroup that contains source sub-admins
example: '123299'
approvers:
description: List of approvers.
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Identity id.
example: 2c91808570313110017040b06f344ec9
required:
- id
maxItems: 3
accountManagers:
description: List of account managers.
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Identity id.
example: 2c91808570313110017040b06f344ec9
required:
- id
maxItems: 10
required:
- owner
- name
- description
responses:
'200':
description: Created non-employee source.
content:
application/json:
schema:
allOf:
- allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
nonEmployeeCount:
nullable: true
type: integer
description: The number of non-employee records on all sources that *requested-for* user manages.
example: 2
format: int32
- type: object
properties:
cloudExternalId:
type: string
description: Legacy ID used for sources from the V1 API. This attribute will be removed from a future version of the API and will not be considered a breaking change. No clients should rely on this ID always being present.
example: '99999'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listNonEmployeeSources
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: List Non-Employee Sources
description: This gets a list of non-employee sources.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
required: true
name: requested-for
example: me
schema:
type: string
description: The identity for whom the request was made. *me* indicates the current user.
- in: query
required: true
name: non-employee-count
example: false
schema:
type: boolean
description: The flag to determine whether return a non-employee count associate with source.
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'name,created'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, sourceId**
responses:
'200':
description: List of non-employee sources objects.
content:
application/json:
schema:
type: array
items:
allOf:
- allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
nonEmployeeCount:
nullable: true
type: integer
description: The number of non-employee records on all sources that *requested-for* user manages.
example: 2
format: int32
- type: object
properties:
nonEmployeeCount:
type: integer
example: 2
format: int32
description: Number of non-employee records associated with this source.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{sourceId}':
get:
operationId: getNonEmployeeSource
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Source
description: This gets a non-employee source.
parameters:
- in: path
example: 2c91808b7c28b350017c2a2ec5790aa1
name: sourceId
description: Source Id
required: true
schema:
type: string
responses:
'200':
description: Non-Employee source object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
nonEmployeeCount:
nullable: true
type: integer
description: The number of non-employee records on all sources that *requested-for* user manages.
example: 2
format: int32
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchNonEmployeeSource
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Patch a Non-Employee Source
description: 'patch a non-employee source. (Partial Update) Patchable field: **name, description, approvers, accountManagers**'
parameters:
- in: path
name: sourceId
description: Source Id
required: true
example: 2c91808b6ef1d43e016efba0ce470904
schema:
type: string
requestBody:
description: 'A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
required: true
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /name
value:
new name: null
- op: replace
path: /approvers
value:
- 2c91809f703bb37a017040a2fe8748c7
- 48b1f463c9e8427db5a5071bd81914b8
responses:
'200':
description: A patched non-employee source object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
nonEmployeeCount:
nullable: true
type: integer
description: The number of non-employee records on all sources that *requested-for* user manages.
example: 2
format: int32
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeSource
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Source
description: This request will delete a non-employee source.
parameters:
- in: path
name: sourceId
description: Source Id
required: true
example: 2c91808b6ef1d43e016efba0ce470904
schema:
type: string
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/non-employees/download':
get:
operationId: exportNonEmployeeRecords
security:
- UserContextAuth:
- 'idn:nelm:read'
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Exports Non-Employee Records to CSV
description: This requests a CSV download for all non-employees from a provided source.
parameters:
- in: path
example: 2c918085842e69ae018432d22ccb212f
name: id
description: Source Id (UUID)
required: true
schema:
type: string
responses:
'200':
description: Exported CSV
content:
text/csv:
example: |
accountName,firstName,lastName,phone,email,manager,startDate,endDate
Jon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00
William.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/non-employee-bulk-upload':
post:
operationId: importNonEmployeeRecordsInBulk
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: 'Imports, or Updates, Non-Employee Records'
description: |-
This post will import, or update, Non-Employee records found in the CSV.
Request will need the following security scope:
'idn:nesr:create'
parameters:
- in: path
name: id
description: Source Id (UUID)
required: true
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
data:
type: string
format: binary
required:
- data
responses:
'202':
description: The CSV was accepted to be bulk inserted now or at a later time.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The bulk upload job's ID. (UUID)
example: 2c91808568c529c60168cca6f90cffff
sourceId:
type: string
description: The ID of the source to bulk-upload non-employees to. (UUID)
example: 2c91808568c529c60168cca6f90c1313
created:
type: string
format: date-time
description: The date-time the job was submitted.
example: '2019-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: The date-time that the job was last updated.
example: '2019-08-23T18:52:59.162Z'
status:
type: string
enum:
- PENDING
- IN_PROGRESS
- COMPLETED
- ERROR
description: |
Returns the following values indicating the progress or result of the bulk upload job.
"PENDING" means the job is queued and waiting to be processed.
"IN_PROGRESS" means the job is currently being processed.
"COMPLETED" means the job has been completed without any errors.
"ERROR" means the job failed to process with errors.
example: PENDING
'400':
description: |
Client Error - Returned if the request body is invalid.
The response body will contain the list of specific errors with one on each line.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/non-employee-bulk-upload/status':
get:
operationId: getNonEmployeeBulkUploadStatus
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: Bulk upload status on source
description: |
The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.
parameters:
- in: path
example: 2c918085842e69ae018432d22ccb212f
name: id
description: Source ID (UUID)
required: true
schema:
type: string
responses:
'200':
description: 'Status of the newest bulk-upload job, if any.'
content:
application/json:
schema:
type: object
properties:
status:
type: string
enum:
- PENDING
- IN_PROGRESS
- COMPLETED
- ERROR
description: |
Returns the following values indicating the progress or result of the bulk upload job.
"PENDING" means the job is queued and waiting to be processed.
"IN_PROGRESS" means the job is currently being processed.
"COMPLETED" means the job has been completed without any errors.
"ERROR" means the job failed to process with errors.
null means job has been submitted to the source.
example: PENDING
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/schema-attributes-template/download':
get:
operationId: exportNonEmployeeSourceSchemaTemplate
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: Exports Source Schema Template
description: |-
This requests a download for the Source Schema Template for a provided source.
Request will require the following security scope:
idn:nesr:read'
parameters:
- in: path
example: 2c918085842e69ae018432d22ccb212f
name: id
description: Source Id (UUID)
required: true
schema:
type: string
responses:
'200':
description: Exported Source Schema Template
content:
text/csv:
example: |
accountName,firstName,lastName,phone,email,manager,startDate,endDate
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-approvals:
get:
operationId: listNonEmployeeApproval
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: Get List of Non-Employee Approval Requests
description: This gets a list of non-employee approval requests.
parameters:
- in: query
example: ac10d20a-841e-1e7d-8184-32d2e22c0179
name: requested-for
schema:
type: string
description: The identity for whom the request was made. *me* indicates the current user.
required: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
example: approvalStatus eq "PENDING"
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**approvalStatus**: *eq*
- in: query
example: created
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
responses:
'200':
description: List of approval items.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
approvalOrder:
type: number
description: Approval order
example: 1
comment:
type: string
description: comment of approver
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
requester:
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/{id}':
get:
operationId: getNonEmployeeApproval
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: Get a non-employee approval item detail
description: Approves a non-employee approval request and notifies the next approver.
parameters:
- in: path
name: id
example: ac10d20a-841e-1e7d-8184-32d2e22c0179
description: Non-Employee approval item id (UUID)
required: true
schema:
type: string
- in: query
example: include-detail=false
name: include-detail
description: The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*
required: false
schema:
type: string
responses:
'200':
description: Non-Employee approval item object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
approvalOrder:
type: number
description: Approval order
example: 1
comment:
type: string
description: comment of approver
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
description: Non-Employee request associated to this approval
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
requester:
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
schemaAttributes:
description: List of schema attributes associated with this non-employee source.
type: array
items:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
comment:
type: string
description: comment of requester
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date
description: Non-Employee employment start date.
example: '2020-03-24'
endDate:
type: string
format: date
description: Non-Employee employment end date.
example: '2021-03-25'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/{id}/approve':
post:
operationId: approveNonEmployeeRequest
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Approve a Non-Employee Request
description: Approves a non-employee approval request and notifies the next approver.
parameters:
- in: path
name: id
description: Non-Employee approval item id (UUID)
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
comment:
type: string
description: Comment on the approval item.
maxLength: 4000
responses:
'200':
description: Non-Employee approval item object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
approvalOrder:
type: number
description: Approval order
example: 1
comment:
type: string
description: comment of approver
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
requester:
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/{id}/reject':
post:
operationId: rejectNonEmployeeRequest
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Reject a Non-Employee Request
description: This endpoint will reject an approval item request and notify user.
parameters:
- in: path
name: id
description: Non-Employee approval item id (UUID)
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
comment:
type: string
description: Comment on the approval item.
maxLength: 4000
required:
- comment
responses:
'200':
description: Non-Employee approval item object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
approvalOrder:
type: number
description: Approval order
example: 1
comment:
type: string
description: comment of approver
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
requester:
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/summary/{requested-for}':
get:
operationId: getNonEmployeeApprovalSummary
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Approval Requests
description: 'This request will retrieve a summary of non-employee approval requests. There are two contextual uses for the `requested-for` path parameter: 1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver''s id. 2. The current user is an approver, in which case "me" should be provided as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her.'
parameters:
- in: path
example: ac10d20a-841e-1e7d-8184-32d2e22c0179
name: requested-for
schema:
type: string
description: The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user.
required: true
responses:
'200':
description: summary of non-employee approval requests
content:
application/json:
schema:
type: object
properties:
approved:
type: number
description: The number of approved non-employee approval requests.
pending:
type: number
description: The number of pending non-employee approval requests.
rejected:
type: number
description: The number of rejected non-employee approval requests.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{sourceId}/schema-attributes':
get:
operationId: getNonEmployeeSourceSchemaAttributes
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: List Schema Attributes Non-Employee Source
description: 'This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned.'
parameters:
- in: path
example: 2c918085842e69ae018432d22ccb212f
name: sourceId
schema:
type: string
required: true
description: The Source id
responses:
'200':
description: A list of Schema Attributes
content:
application/json:
schema:
type: array
example:
- type: TEXT
label: string
technicalName: string
helpText: string
placeholder: string
required: true
items:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
maxItems: 18
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createNonEmployeeSourceSchemaAttributes
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Source Schema Attribute
description: 'This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a "400.1.4 Limit violation" response.'
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
example: 2c91808b6ef1d43e016efba0ce470904
description: The Source id
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: Type of the attribute. Only type 'TEXT' is supported for custom attributes.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
responses:
'200':
description: Schema Attribute created.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeSourceSchemaAttributes
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Delete all custom schema attributes
description: This end-point deletes all custom schema attributes for a non-employee source.
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
example: 2c91808b6ef1d43e016efba0ce470904
description: The Source id
responses:
'204':
description: All custon Schema Attributes were successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{sourceId}/schema-attributes/{attributeId}':
get:
operationId: getNonEmployeeSchemaAttribute
security:
- UserContextAuth:
- 'idn:nelm:read'
tags:
- Non-Employee Lifecycle Management
summary: Get Schema Attribute Non-Employee Source
description: This API gets a schema attribute by Id for the specified Non-Employee SourceId.
parameters:
- in: path
example: 2c918085842e69ae018432d22ccb212f
name: attributeId
schema:
type: string
required: true
description: The Schema Attribute Id (UUID)
- in: path
example: 2c918085842e69ae018432d22ccb212f
name: sourceId
schema:
type: string
required: true
description: The Source id
responses:
'200':
description: The Schema Attribute
content:
application/json:
example: |
id,system,modified,created,type,label,technicalName,helpText,placeholder,required
schema:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchNonEmployeeSchemaAttribute
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Patch Non-Employee Source's Schema Attribute
description: |
This end-point patches a specific schema attribute for a non-employee SourceId.
parameters:
- in: path
name: attributeId
schema:
type: string
required: true
example: 2c91808b6ef1d43e016efba0ce470904
description: The Schema Attribute Id (UUID)
- in: path
name: sourceId
schema:
type: string
required: true
example: 2c91808b6ef1d43e016efba0ce470904
description: The Source id
requestBody:
description: 'A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following properties are allowed for update '':'' ''label'', ''helpText'', ''placeholder'', ''required''.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /label
value:
new attribute label: null
required: true
responses:
'200':
description: The Schema Attribute was successfully patched.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeSchemaAttribute
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Source's Schema Attribute
description: |
This end-point deletes a specific schema attribute for a non-employee source.
parameters:
- in: path
name: attributeId
schema:
type: string
required: true
example: 2c91808b6ef1d43e016efba0ce470904
description: The Schema Attribute Id (UUID)
- in: path
name: sourceId
schema:
type: string
required: true
example: 2c91808b6ef1d43e016efba0ce470904
description: The Source id
responses:
'204':
description: The Schema Attribute was successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/managed-clients/{id}/status':
get:
tags:
- Managed Clients
summary: Specified Managed Client Status.
description: Retrieve Managed Client Status by ID.
deprecated: true
operationId: getManagedClientStatus
parameters:
- name: id
in: path
description: ID of the Managed Client Status to get
required: true
schema:
type: string
example: aClientId
- name: type
in: query
description: Type of the Managed Client Status to get
required: true
schema:
example: VA
description: Managed Client type
type: string
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
responses:
'200':
description: Responds with Managed Client Status having the given ID and Type.
content:
application/json:
schema:
description: Managed Client Status
type: object
required:
- body
- status
- type
- timestamp
properties:
body:
description: ManagedClientStatus body information
type: object
example:
alertKey: ''
id: '5678'
clusterId: '1234'
ccg_etag: ccg_etag123xyz456
ccg_pin: NONE
cookbook_etag: 20210420125956-20210511144538
hostname: megapod-useast1-secret-hostname.sailpoint.com
internal_ip: 127.0.0.1
lastSeen: '1620843964604'
sinceSeen: '14708'
sinceSeenMillis: '14708'
localDev: false
stacktrace: ''
state: null
status: NORMAL
uuid: null
product: idn
va_version: null
platform_version: '2'
os_version: 2345.3.1
os_type: flatcar
hypervisor: unknown
status:
description: status of the Managed Client
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
type:
description: type of the Managed Client
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
timestamp:
description: timestamp on the Client Status update
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:managed-client-status:read'
post:
tags:
- Managed Clients
summary: Handle status request from client
description: Update a status detail passed in from the client
deprecated: true
operationId: updateManagedClientStatus
parameters:
- name: id
in: path
description: ID of the Managed Client Status to update
required: true
schema:
type: string
example: aClientId
requestBody:
required: true
content:
application/json:
schema:
description: Managed Client Status
type: object
required:
- body
- status
- type
- timestamp
properties:
body:
description: ManagedClientStatus body information
type: object
example:
alertKey: ''
id: '5678'
clusterId: '1234'
ccg_etag: ccg_etag123xyz456
ccg_pin: NONE
cookbook_etag: 20210420125956-20210511144538
hostname: megapod-useast1-secret-hostname.sailpoint.com
internal_ip: 127.0.0.1
lastSeen: '1620843964604'
sinceSeen: '14708'
sinceSeenMillis: '14708'
localDev: false
stacktrace: ''
state: null
status: NORMAL
uuid: null
product: idn
va_version: null
platform_version: '2'
os_version: 2345.3.1
os_type: flatcar
hypervisor: unknown
status:
description: status of the Managed Client
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
type:
description: type of the Managed Client
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
timestamp:
description: timestamp on the Client Status update
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
responses:
'200':
description: Responds with the updated Managed Client Status.
content:
application/json:
schema:
description: Managed Client Status
type: object
required:
- body
- status
- type
- timestamp
properties:
body:
description: ManagedClientStatus body information
type: object
example:
body:
id: '1528'
clientId: '1528'
clusterId: '1533'
orgType: test
vaDownloadUrl: 'https://sptcbu-va-images.s3.amazonaws.com/va-latest.zip'
clusterJobCount: 1
configuration:
clusterType: sqsCluster
clusterExternalId: 2c91808876dd79120176f758af765c58
debug: 'false'
failureThreshold: '0'
gmtOffset: '-6'
scheduleUpgrade: 'false'
va_version: va-megapod-useast1-595-1627543540
jobType: VA_UPGRADE
cookbook: va-megapod-useast1-595-1627543540
connectorServices:
- id: '540696'
name: EndToEnd-ADSource
connector_host: host.example.com
connector_port: '389'
connector_(boolean)useSSL: false
connectorFileUploadHistory: null
- id: '540698'
name: EndToEnd-AzureADSource
connector_host: null
connector_port: null
connector_(boolean)useSSL: null
connectorFileUploadHistory: null
- id: '540710'
name: EndToEnd-OpenLDAP
connector_host: 10.0.2.64
connector_port: '389'
connector_(boolean)useSSL: false
connectorFileUploadHistory: null
- id: '540713'
name: Dynamic-ADSource
connector_host: host.example.com
connector_port: '389'
connector_(boolean)useSSL: false
connectorFileUploadHistory: null
- id: '540716'
name: EndToEnd-JdbcADSource
connector_host: 10.0.5.187
connector_port: '389'
connector_(boolean)useSSL: false
connectorFileUploadHistory: null
- id: '540717'
name: EndToEnd-JdbcSource
connector_host: null
connector_port: null
connector_(boolean)useSSL: null
connectorFileUploadHistory:
- serviceId: '540717'
date: '2021-02-05T22:58:15Z'
file: temp7081703651350031905mysql-connector-java-8.0.11.jar
jobs:
- uuid: 872b622f-5ab5-4836-9172-e3bb77f05b2c
cookbook: 872b622f-5ab5-4836-9172-e3bb77f05b2c
state: FINISHED
type: VA_UPGRADE
targetId: '1528'
managedProcessConfiguration:
charon:
version: '345'
path: sailpoint/charon
description: null
dependencies: null
ccg:
version: 415_583_79.0.0
path: sailpoint/ccg
description: null
dependencies: null
toolbox:
version: '6'
path: sailpoint/toolbox
description: null
dependencies: null
fluent:
version: '50'
path: fluent/va
description: null
dependencies: null
va_agent:
version: '89'
path: sailpoint/va_agent
description: null
dependencies: null
queue:
name: megapod-useast1-denali-lwt-cluster-1533
region: us-east-1
maintenance:
window: 'true'
windowStartTime: '2021-07-29T00:00:00Z'
windowClusterTime: '2021-07-29T01:35:24Z'
windowFinishTime: '2021-07-29T04:00:00Z'
status:
description: status of the Managed Client
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
type:
description: type of the Managed Client
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
timestamp:
description: timestamp on the Client Status update
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:managed-client-status:manage'
'/managed-clusters/{id}':
get:
tags:
- Managed Clusters
summary: Get a specified ManagedCluster.
description: Retrieve a ManagedCluster by ID.
deprecated: true
operationId: getManagedCluster
parameters:
- name: id
in: path
description: ID of the ManagedCluster to get
required: true
style: simple
explode: false
schema:
type: string
example: aClusterId
responses:
'200':
description: Responds with ManagedCluster having the given ID.
content:
application/json:
schema:
description: Managed Cluster
type: object
required:
- id
- clientType
- ccgVersion
properties:
id:
description: ManagedCluster ID
type: string
example: aClusterId
name:
description: ManagedCluster name
type: string
example: Managed Cluster Name
pod:
description: ManagedCluster pod
type: string
example: megapod-useast1
org:
description: ManagedCluster org
type: string
example: denali
type:
description: The Type of Cluster
example: idn
nullable: false
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
example:
clusterExternalId: externalId
ccgVersion: 77.0.0
keyPair:
description: key pair for the ManagedCluster
type: object
properties:
publicKey:
nullable: true
description: ManagedCluster publicKey
type: string
example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----'
publicKeyThumbprint:
nullable: true
description: ManagedCluster publicKeyThumbprint
type: string
example: 6CMlaJIV44-xJxcB3CJBjDUUn54
publicKeyCertificate:
nullable: true
description: ManagedCluster publicKeyCertificate
type: string
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
attributes:
description: Specific Attributes for Configuring a ManagedCluster by Type
type: object
properties:
queue:
description: ManagedCluster keystore for sqsCluster type
type: object
properties:
name:
description: ManagedCluster queue name
type: string
example: megapod-useast1-denali-lwt-cluster-1533
region:
description: ManagedCluster queue aws region
type: string
example: us-east-1
keystore:
nullable: true
description: ManagedCluster keystore for spConnectCluster type
type: string
example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW
description:
description: ManagedCluster description
type: string
example: A short description of the managed cluster.
redis:
description: Redis configuration for the ManagedCluster
type: object
properties:
redisHost:
description: ManagedCluster redisHost
type: string
example: megapod-useast1-shared-redis.cloud.sailpoint.com
redisPort:
description: ManagedCluster redisPort
type: integer
format: int32
example: 6379
clientType:
description: type of client for the ManagedCluster
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
ccgVersion:
description: CCG version used by the ManagedCluster
type: string
example: v01
pinnedConfig:
description: boolean flag indiacting whether or not the cluster configuration is pinned
type: boolean
default: false
example: false
logConfiguration:
description: client log configuration for the cluster
example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }'
nullable: true
type: object
required:
- durationMinutes
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: aClientId
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults
type: integer
format: int32
example: 120
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request
example: '2020-12-15T19:13:36.079Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: TRACE
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
operational:
description: Whether or not the cluster is operational or not
type: boolean
default: false
example: false
status:
description: Cluster status
type: string
example: NORMAL
publicKeyCertificate:
nullable: true
description: Public key certificate
type: string
example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----'
publicKeyThumbprint:
nullable: true
description: Public key thumbprint
type: string
example: obc6pLiulGbtZ
publicKey:
nullable: true
description: Public key
type: string
example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----'
alertKey:
description: Key describing any immediate cluster alerts
type: string
example: LIMITED_RESOURCES
clientIds:
type: array
description: List of clients in a cluster
items:
type: string
example:
- '1244'
- '1245'
serviceCount:
description: Number of services bound to a cluster
type: integer
format: int32
default: 0
example: 6
ccId:
description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished'
type: string
default: '0'
example: '1533'
createdAt:
description: The date/time this cluster was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this cluster was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
'/managed-clusters/{id}/log-config':
get:
tags:
- Managed Clusters
summary: Get managed cluster's log configuration
description: Get managed cluster's log configuration.
deprecated: true
operationId: getClientLogConfiguration
parameters:
- name: id
in: path
description: ID of ManagedCluster to get log configuration for
required: true
style: simple
explode: false
schema:
type: string
example: aClusterId
responses:
'200':
description: Log configuration of ManagedCluster matching given cluster ID
content:
application/json:
schema:
description: Client Runtime Logging Configuration
nullable: true
type: object
required:
- durationMinutes
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: aClientId
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults
type: integer
format: int32
example: 120
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request
example: '2020-12-15T19:13:36.079Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: TRACE
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
put:
tags:
- Managed Clusters
summary: Update managed cluster's log configuration
description: Update managed cluster's log configuration
deprecated: true
operationId: putClientLogConfiguration
parameters:
- name: id
in: path
description: ID of ManagedCluster to update log configuration for
required: true
style: simple
explode: false
schema:
type: string
example: aClusterId
requestBody:
description: ClientLogConfiguration for given ManagedCluster
content:
application/json:
schema:
description: Client Runtime Logging Configuration
nullable: true
type: object
required:
- durationMinutes
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: aClientId
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults
type: integer
format: int32
example: 120
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request
example: '2020-12-15T19:13:36.079Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: TRACE
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
required: true
responses:
'200':
description: Responds with updated ClientLogConfiguration for given ManagedCluster
content:
application/json:
schema:
description: Client Runtime Logging Configuration
nullable: true
type: object
required:
- durationMinutes
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: aClientId
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults
type: integer
format: int32
example: 120
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request
example: '2020-12-15T19:13:36.079Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: TRACE
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:manage'
/managed-clusters:
get:
tags:
- Managed Clusters
summary: Retrieve all Managed Clusters.
description: 'Retrieve all Managed Clusters for the current Org, based on request context.'
deprecated: true
operationId: getManagedClusters
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**operational**: *eq*
example: operational eq operation
responses:
'200':
description: Responds with a list of ManagedCluster.
content:
application/json:
schema:
type: array
items:
description: Managed Cluster
type: object
required:
- id
- clientType
- ccgVersion
properties:
id:
description: ManagedCluster ID
type: string
example: aClusterId
name:
description: ManagedCluster name
type: string
example: Managed Cluster Name
pod:
description: ManagedCluster pod
type: string
example: megapod-useast1
org:
description: ManagedCluster org
type: string
example: denali
type:
description: The Type of Cluster
example: idn
nullable: false
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
example:
clusterExternalId: externalId
ccgVersion: 77.0.0
keyPair:
description: key pair for the ManagedCluster
type: object
properties:
publicKey:
nullable: true
description: ManagedCluster publicKey
type: string
example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----'
publicKeyThumbprint:
nullable: true
description: ManagedCluster publicKeyThumbprint
type: string
example: 6CMlaJIV44-xJxcB3CJBjDUUn54
publicKeyCertificate:
nullable: true
description: ManagedCluster publicKeyCertificate
type: string
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
attributes:
description: Specific Attributes for Configuring a ManagedCluster by Type
type: object
properties:
queue:
description: ManagedCluster keystore for sqsCluster type
type: object
properties:
name:
description: ManagedCluster queue name
type: string
example: megapod-useast1-denali-lwt-cluster-1533
region:
description: ManagedCluster queue aws region
type: string
example: us-east-1
keystore:
nullable: true
description: ManagedCluster keystore for spConnectCluster type
type: string
example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW
description:
description: ManagedCluster description
type: string
example: A short description of the managed cluster.
redis:
description: Redis configuration for the ManagedCluster
type: object
properties:
redisHost:
description: ManagedCluster redisHost
type: string
example: megapod-useast1-shared-redis.cloud.sailpoint.com
redisPort:
description: ManagedCluster redisPort
type: integer
format: int32
example: 6379
clientType:
description: type of client for the ManagedCluster
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
ccgVersion:
description: CCG version used by the ManagedCluster
type: string
example: v01
pinnedConfig:
description: boolean flag indiacting whether or not the cluster configuration is pinned
type: boolean
default: false
example: false
logConfiguration:
description: client log configuration for the cluster
example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }'
nullable: true
type: object
required:
- durationMinutes
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: aClientId
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults
type: integer
format: int32
example: 120
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request
example: '2020-12-15T19:13:36.079Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: TRACE
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
operational:
description: Whether or not the cluster is operational or not
type: boolean
default: false
example: false
status:
description: Cluster status
type: string
example: NORMAL
publicKeyCertificate:
nullable: true
description: Public key certificate
type: string
example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----'
publicKeyThumbprint:
nullable: true
description: Public key thumbprint
type: string
example: obc6pLiulGbtZ
publicKey:
nullable: true
description: Public key
type: string
example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----'
alertKey:
description: Key describing any immediate cluster alerts
type: string
example: LIMITED_RESOURCES
clientIds:
type: array
description: List of clients in a cluster
items:
type: string
example:
- '1244'
- '1245'
serviceCount:
description: Number of services bound to a cluster
type: integer
format: int32
default: 0
example: 6
ccId:
description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished'
type: string
default: '0'
example: '1533'
createdAt:
description: The date/time this cluster was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this cluster was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
/mail-from-attributes:
put:
security:
- UserContextAuth:
- 'sp:notification-mail-from-attributes:write'
operationId: putMailFromAttributes
tags:
- Notifications
summary: Change MAIL FROM domain
description: Change the MAIL FROM domain of an AWS SES email identity and provide the MX and TXT records to be placed in the caller's DNS
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identity:
type: string
example: BobSmith@sailpoint.com
description: The identity or domain address
mailFromDomain:
type: string
example: example.sailpoint.com
description: The new MAIL FROM domain of the identity. Must be a subdomain of the identity.
description: MAIL FROM attributes for a domain / identity
example:
identity: BobSmith@sailpoint.com
mailFromDomain: example.sailpoint.com
responses:
'200':
description: MAIL FROM Attributes required to verify the change
content:
application/json:
schema:
type: object
properties:
identity:
type: string
example: bob.smith@sailpoint.com
description: The email identity
mailFromDomain:
type: string
example: foo.sailpoint.com
description: The name of a domain that an email identity uses as a custom MAIL FROM domain
mxRecord:
type: string
example: 10 feedback-smtp.us-east-1.amazonses.com
description: MX record that is required in customer's DNS to allow the domain to receive bounce and complaint notifications that email providers send you
txtRecord:
type: string
example: 'v=spf1 include:amazonses.com ~all'
description: TXT record that is required in customer's DNS in order to prove that Amazon SES is authorized to send email from your domain
mailFromDomainStatus:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
example: PENDING
description: The current status of the MAIL FROM verification
description: MAIL FROM attributes for a domain / identity
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/mail-from-attributes/{identity}':
get:
security:
- UserContextAuth:
- 'sp:notification-mail-from-attributes:read'
operationId: getMailFromAttributes
tags:
- Notifications
summary: Get MAIL FROM Attributes
description: Retrieve MAIL FROM attributes for a given AWS SES identity.
parameters:
- in: query
name: id
required: true
schema:
type: string
description: 'Returns the MX and TXT record to be put in your DNS, as well as the MAIL FROM domain status'
example: bobsmith@sailpoint.com
responses:
'200':
description: MAIL FROM Attributes object
content:
application/json:
schema:
type: object
properties:
identity:
type: string
example: bob.smith@sailpoint.com
description: The email identity
mailFromDomain:
type: string
example: foo.sailpoint.com
description: The name of a domain that an email identity uses as a custom MAIL FROM domain
mxRecord:
type: string
example: 10 feedback-smtp.us-east-1.amazonses.com
description: MX record that is required in customer's DNS to allow the domain to receive bounce and complaint notifications that email providers send you
txtRecord:
type: string
example: 'v=spf1 include:amazonses.com ~all'
description: TXT record that is required in customer's DNS in order to prove that Amazon SES is authorized to send email from your domain
mailFromDomainStatus:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
example: PENDING
description: The current status of the MAIL FROM verification
description: MAIL FROM attributes for a domain / identity
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/generic-approvals:
get:
security:
- UserContextAuth:
- 'sp:approvals:read'
operationId: getApprovals
tags:
- Approvals
summary: Get Approvals
description: |-
Retrieve a list of approvals, which can be filtered by requester ID, status, or reference type. "Mine" query parameter can be used and it will return all approvals for the current approver. This endpoint is for generic approvals, different than the access-request-approval endpoint and does not include access-request-approvals.
Absence of all query parameters will will default to mine=true.
parameters:
- in: query
name: mine
schema:
type: boolean
description: Returns the list of approvals for the current caller
example: 'true'
- in: query
name: requesterId
schema:
type: string
description: Returns the list of approvals for a given requester ID
example: 17e633e7d57e481569df76323169deb6a
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**status**: *eq*
**referenceType**: *eq*
example: filters=status eq PENDING
responses:
'200':
description: List of Approvals
content:
application/json:
schema:
type: array
items:
type: object
properties:
approvalId:
type: string
example: 38453251-6be2-5f8f-df93-5ce19e295837
description: The Approval ID
approvers:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Object representation of an approver of an approval
createdDate:
type: string
example: 2023-04-12T23:20:50.520Z
description: Date the approval was created
type:
type: string
example: ENTITLEMENT_DESCRIPTIONS
description: Type of approval
name:
type: array
items:
type: object
properties:
value:
type: string
example: Audit DB Access
description: Name of the approval
locale:
type: string
example: en_US
description: What locale the name of the approval is using
description: Approval Name Object
description: The name of the approval for a given locale
batchRequest:
type: object
description: The name of the approval for a given locale
example:
batchId: 38453251-6be2-5f8f-df93-5ce19e295837
batchSize: 100
properties:
batchId:
type: string
example: 38453251-6be2-5f8f-df93-5ce19e295837
description: ID of the batch
batchSize:
type: integer
format: int64
example: 100
description: How many approvals are going to be in this batch. Defaults to 1 if not provided.
description:
type: array
items:
type: object
properties:
value:
type: string
example: This access allows viewing and editing of workflow resource
description: The description of what the approval is asking for
locale:
type: string
example: en_US
description: What locale the description of the approval is using
description: The description of what the approval is asking for
description: The description of the approval for a given locale
priority:
type: string
enum:
- HIGH
- MEDIUM
- LOW
example: HIGH
description: The priority of the approval
requester:
type: object
description: Object representation of the requester of the approval
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
comments:
type: array
items:
type: object
properties:
author:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
comment:
type: string
example: Looks good
description: Comment to be left on an approval
createdDate:
type: string
example: 2023-04-12T23:20:50.520Z
description: Date the comment was created
description: Comments Object
description: Object representation of a comment on the approval
approvedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Array of approvers who have approved the approval
rejectedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Array of approvers who have rejected the approval
completedDate:
type: string
example: 2023-04-12T23:20:50.520Z
description: Date the approval was completed
approvalCriteria:
type: string
enum:
- SINGLE
- DOUBLE
- TRIPLE
- QUARTER
- HALF
- ALL
example: SINGLE
description: Criteria that needs to be met for an approval to be marked as approved
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
example: PENDING
description: The current status of the approval
additionalAttributes:
type: string
example: '{ "llm_description": "generated description" }'
description: Json string representing additional attributes known about the object to be approved.
referenceData:
type: array
items:
type: object
properties:
id:
type: string
example: 64012350-8fd9-4f6c-a170-1fe123683899
description: Id of the reference object
type:
type: string
example: AccessRequestId
description: What reference object does this ID correspond to
description: Reference objects related to the approval
description: Reference data related to the approval
description: Approval Object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/generic-approvals/{id}':
get:
security:
- UserContextAuth:
- 'sp:approvals:read'
operationId: getApproval
tags:
- Approvals
summary: Get an approval
description: 'Retrieve a single approval for a given approval ID. This endpoint is for generic approvals, different than the access-request-approval endpoint and does not include access-request-approvals.'
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the approval that is to be returned
example: 38453251-6be2-5f8f-df93-5ce19e295837
responses:
'200':
description: Approval object
content:
application/json:
schema:
type: object
properties:
approvalId:
type: string
example: 38453251-6be2-5f8f-df93-5ce19e295837
description: The Approval ID
approvers:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Object representation of an approver of an approval
createdDate:
type: string
example: 2023-04-12T23:20:50.520Z
description: Date the approval was created
type:
type: string
example: ENTITLEMENT_DESCRIPTIONS
description: Type of approval
name:
type: array
items:
type: object
properties:
value:
type: string
example: Audit DB Access
description: Name of the approval
locale:
type: string
example: en_US
description: What locale the name of the approval is using
description: Approval Name Object
description: The name of the approval for a given locale
batchRequest:
type: object
description: The name of the approval for a given locale
example:
batchId: 38453251-6be2-5f8f-df93-5ce19e295837
batchSize: 100
properties:
batchId:
type: string
example: 38453251-6be2-5f8f-df93-5ce19e295837
description: ID of the batch
batchSize:
type: integer
format: int64
example: 100
description: How many approvals are going to be in this batch. Defaults to 1 if not provided.
description:
type: array
items:
type: object
properties:
value:
type: string
example: This access allows viewing and editing of workflow resource
description: The description of what the approval is asking for
locale:
type: string
example: en_US
description: What locale the description of the approval is using
description: The description of what the approval is asking for
description: The description of the approval for a given locale
priority:
type: string
enum:
- HIGH
- MEDIUM
- LOW
example: HIGH
description: The priority of the approval
requester:
type: object
description: Object representation of the requester of the approval
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
comments:
type: array
items:
type: object
properties:
author:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
comment:
type: string
example: Looks good
description: Comment to be left on an approval
createdDate:
type: string
example: 2023-04-12T23:20:50.520Z
description: Date the comment was created
description: Comments Object
description: Object representation of a comment on the approval
approvedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Array of approvers who have approved the approval
rejectedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Array of approvers who have rejected the approval
completedDate:
type: string
example: 2023-04-12T23:20:50.520Z
description: Date the approval was completed
approvalCriteria:
type: string
enum:
- SINGLE
- DOUBLE
- TRIPLE
- QUARTER
- HALF
- ALL
example: SINGLE
description: Criteria that needs to be met for an approval to be marked as approved
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
example: PENDING
description: The current status of the approval
additionalAttributes:
type: string
example: '{ "llm_description": "generated description" }'
description: Json string representing additional attributes known about the object to be approved.
referenceData:
type: array
items:
type: object
properties:
id:
type: string
example: 64012350-8fd9-4f6c-a170-1fe123683899
description: Id of the reference object
type:
type: string
example: AccessRequestId
description: What reference object does this ID correspond to
description: Reference objects related to the approval
description: Reference data related to the approval
description: Approval Object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
security:
- UserContextAuth:
- 'sp:approvals:write'
operationId: patchApproval
tags:
- Approvals
summary: Change an approval
description: Change the values of a given approval
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
comments:
type: object
items:
type: object
properties:
author:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
comment:
type: string
example: Looks good
description: Comment to be left on an approval
createdDate:
type: string
example: 2023-04-12T23:20:50.520Z
description: Date the comment was created
description: Comments Object
description: Object representation of a comment on the approval
example:
author: 85d173e7d57e496569df763231d6deb6a
comment: Looks good
createdDate: 2023-04-12T23:20:50.520Z
approvedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: An array of identities who have approved the approval
rejectedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: An array of identities who have rejected the approval
reassignFrom:
description: The identity that is replaced by reassignTo
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
reassignTo:
description: 'If reassigning this identity will replace reassignFrom, otherwise this identity will be added to the approval request'
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
additionalAttributes:
type: object
example:
any: any
additional: attributes
description: Any additional attributes that the approval request may need
description: Payload for changing the fields of an approval.
responses:
'200':
description: Approval object
content:
application/json:
schema:
type: object
properties:
approvalId:
type: string
example: 38453251-6be2-5f8f-df93-5ce19e295837
description: The Approval ID
approvers:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Object representation of an approver of an approval
createdDate:
type: string
example: 2023-04-12T23:20:50.520Z
description: Date the approval was created
type:
type: string
example: ENTITLEMENT_DESCRIPTIONS
description: Type of approval
name:
type: array
items:
type: object
properties:
value:
type: string
example: Audit DB Access
description: Name of the approval
locale:
type: string
example: en_US
description: What locale the name of the approval is using
description: Approval Name Object
description: The name of the approval for a given locale
batchRequest:
type: object
description: The name of the approval for a given locale
example:
batchId: 38453251-6be2-5f8f-df93-5ce19e295837
batchSize: 100
properties:
batchId:
type: string
example: 38453251-6be2-5f8f-df93-5ce19e295837
description: ID of the batch
batchSize:
type: integer
format: int64
example: 100
description: How many approvals are going to be in this batch. Defaults to 1 if not provided.
description:
type: array
items:
type: object
properties:
value:
type: string
example: This access allows viewing and editing of workflow resource
description: The description of what the approval is asking for
locale:
type: string
example: en_US
description: What locale the description of the approval is using
description: The description of what the approval is asking for
description: The description of the approval for a given locale
priority:
type: string
enum:
- HIGH
- MEDIUM
- LOW
example: HIGH
description: The priority of the approval
requester:
type: object
description: Object representation of the requester of the approval
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
comments:
type: array
items:
type: object
properties:
author:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
comment:
type: string
example: Looks good
description: Comment to be left on an approval
createdDate:
type: string
example: 2023-04-12T23:20:50.520Z
description: Date the comment was created
description: Comments Object
description: Object representation of a comment on the approval
approvedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Array of approvers who have approved the approval
rejectedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Array of approvers who have rejected the approval
completedDate:
type: string
example: 2023-04-12T23:20:50.520Z
description: Date the approval was completed
approvalCriteria:
type: string
enum:
- SINGLE
- DOUBLE
- TRIPLE
- QUARTER
- HALF
- ALL
example: SINGLE
description: Criteria that needs to be met for an approval to be marked as approved
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
example: PENDING
description: The current status of the approval
additionalAttributes:
type: string
example: '{ "llm_description": "generated description" }'
description: Json string representing additional attributes known about the object to be approved.
referenceData:
type: array
items:
type: object
properties:
id:
type: string
example: 64012350-8fd9-4f6c-a170-1fe123683899
description: Id of the reference object
type:
type: string
example: AccessRequestId
description: What reference object does this ID correspond to
description: Reference objects related to the approval
description: Reference data related to the approval
description: Approval Object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/okta-verify/config:
get:
operationId: getMFAOktaConfig
tags:
- MFA Configuration
summary: Configuration of Okta MFA method
description: This API returns the configuration of an Okta MFA method. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:mfa-configuration:read'
- 'idn:mfa-configuration:manage'
responses:
'200':
description: The configuration of an Okta MFA method.
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: okta-verify
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
example:
mfaMethod: okta-verify
enabled: true
host: www.example.com
accessKey: d******Y
identityAttribute: email
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setMFAOktaConfig
tags:
- MFA Configuration
summary: Set Okta MFA configuration
description: This API sets the configuration of an Okta MFA method. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:mfa-configuration:manage'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: okta-verify
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
example:
mfaMethod: okta-verify
enabled: true
host: www.example.com
accessKey: dk778Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute: email
responses:
'200':
description: MFA configuration of an Okta MFA method.
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: okta-verify
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
example:
mfaMethod: okta-verify
enabled: true
host: www.example.com
accessKey: d******Y
identityAttribute: email
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/duo-web/config:
get:
operationId: getMFADuoConfig
tags:
- MFA Configuration
summary: Configuration of Duo MFA method
description: This API returns the configuration of an Duo MFA method. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:mfa-configuration:read'
- 'idn:mfa-configuration:manage'
responses:
'200':
description: The configuration of an Duo MFA method.
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: duo-web
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
configProperties:
description: A map with additional config properties for the given MFA method - duo-web.
type: object
nullable: true
additionalProperties: true
example:
skey: qwERttyZx1CdlQye2Vwtbsjr3HKddy4BAiCXjc5x
ikey: Q123WE45R6TY7890ZXCV
example:
mfaMethod: duo-web
enabled: true
host: www.example.com
accessKey: d******Y
identityAttribute: email
configProperties:
skey: 6******B
ikey: Q123WE45R6TY7890ZXCV
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setMFADuoConfig
tags:
- MFA Configuration
summary: Set Duo MFA configuration
description: This API sets the configuration of an Duo MFA method. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:mfa-configuration:manage'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: duo-web
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
configProperties:
description: A map with additional config properties for the given MFA method - duo-web.
type: object
nullable: true
additionalProperties: true
example:
skey: qwERttyZx1CdlQye2Vwtbsjr3HKddy4BAiCXjc5x
ikey: Q123WE45R6TY7890ZXCV
example:
mfaMethod: duo-web
enabled: true
host: www.example.com
accessKey: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute: email
configProperties:
skey: 12q3WERlcUHWJmiMqyCXI3uOF7EaDJTbdeOp6E2B
ikey: Q123WE45R6TY7890ZXCV
responses:
'200':
description: MFA configuration of an Duo MFA method.
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: duo-web
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
configProperties:
description: A map with additional config properties for the given MFA method - duo-web.
type: object
nullable: true
additionalProperties: true
example:
skey: qwERttyZx1CdlQye2Vwtbsjr3HKddy4BAiCXjc5x
ikey: Q123WE45R6TY7890ZXCV
example:
mfaMethod: duo-web
enabled: true
host: www.example.com
accessKey: q******y
identityAttribute: email
configProperties:
skey: 1******B
ikey: Q123WE45R6TY7890ZXCV
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/kba/config:
get:
operationId: getMFAKbaConfig
tags:
- MFA Configuration
summary: Configuration of KBA MFA method
description: This API returns the KBA configuration for MFA. A token with USER or ORG_ADMIN authority is required to call this API.
parameters:
- in: query
name: allLanguages
required: false
schema:
type: boolean
description: |-
Indicator whether the question text should be returned in all configured languages
* If true, the question text is returned in all languages that it is configured in.
* If false, the question text is returned in the user locale if available, else for the default locale.
* If not passed, it behaves the same way as passing this parameter as false
example: allLanguages=true
security:
- UserContextAuth:
- 'idn:mfa-kba:read'
responses:
'200':
description: The configuration for KBA MFA method.
content:
application/json:
schema:
type: array
items:
description: KBA Configuration
type: object
properties:
id:
type: string
nullable: false
description: KBA Question Id
example: 143cfd3b-c23f-426b-ae5f-d3db06fa5919
text:
type: string
nullable: false
description: KBA Question description
example: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]'
hasAnswer:
type: boolean
nullable: false
description: Denotes whether the KBA question has an answer configured for any user in the tenant
example: true
numAnswers:
type: integer
format: int32
nullable: false
description: Denotes the number of KBA configurations for this question
example: 5
required:
- id
- text
- hasAnswer
- numAnswers
example:
- id: 143cfd3b-c23f-426b-ae5f-d3db06fa5919
text: MFA new question -1 ?
hasAnswer: false
numAnswers: 0
- id: '173421'
text: What is your alphanumeric PIN?
hasAnswer: false
numAnswers: 3
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/kba/config/answers:
post:
operationId: setMFAKBAConfig
tags:
- MFA Configuration
summary: Set MFA KBA configuration
description: |-
This API sets answers to challenge questions. Any configured questions omitted from the request are removed from user KBA configuration.
A token with USER authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
nullable: false
description: Question Id
example: c54fee53-2d63-4fc5-9259-3e93b9994135
answer:
type: string
nullable: false
description: An answer for the KBA question
example: Your answer
required:
- id
- answer
example:
- id: '173423'
answer: 822cd15d6c15aa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a0859a2fea34
- id: c54fee53-2d63-4fc5-9259-3e93b9994135
answer: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
security:
- UserContextAuth:
- 'idn:mfa-kba:authenticate'
responses:
'200':
description: The new KBA configuration for the user.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
nullable: false
description: Question Id
example: c54fee53-2d63-4fc5-9259-3e93b9994135
question:
type: string
nullable: false
description: Question description
example: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]'
hasAnswer:
type: boolean
nullable: false
description: Denotes whether the KBA question has an answer configured for the current user
example: true
required:
- id
- question
- hasAnswer
example:
- id: 143cfd3b-c23f-426b-ae5f-d3db06fa5919
question: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]'
hasAnswer: false
- id: '173421'
question: '[{"text":"What is your alphanumeric PIN?","locale":""}]'
hasAnswer: true
- id: c54fee53-2d63-4fc5-9259-3e93b9994135
question: '[{"text":"Nouvelle question MFA - 2 ?","locale":"fr"},{"text":"MFA new question - 2 ?","locale":""}]'
hasAnswer: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/mfa/{method}/test':
get:
operationId: testMFAConfig
tags:
- MFA Configuration
summary: MFA method's test configuration
description: |-
This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:mfa-configuration:read'
- 'idn:mfa-configuration:manage'
parameters:
- in: path
name: method
schema:
type: string
example: okta-verify
required: true
description: The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'.
responses:
'200':
description: The result of configuration test for the MFA provider.
content:
application/json:
schema:
description: Response model for configuration test of a given MFA method
type: object
properties:
state:
type: string
enum:
- SUCCESS
- FAILED
description: The configuration test result.
example: SUCCESS
readOnly: true
error:
type: string
example: MFA Method is disabled.
description: The error message to indicate the failure of configuration test.
readOnly: true
example:
state: SUCCESS
error: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/mfa/{method}/delete':
delete:
operationId: deleteMFAConfig
tags:
- MFA Configuration
summary: Delete MFA method configuration
description: |-
This API removes the configuration for the specified MFA method.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:mfa-configuration:manage'
parameters:
- in: path
name: method
schema:
type: string
example: okta-verify
required: true
description: The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'.
responses:
'200':
description: MFA configuration of an MFA method.
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: okta-verify
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
example:
mfaMethod: okta-verify
enabled: true
host: www.example.com
accessKey: d******Y
identityAttribute: email
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/okta-verify/verify:
post:
operationId: sendOktaVerifyRequest
tags:
- MFA Controller
summary: Verifying authentication via Okta method
description: 'This API Authenticates the user via Okta-Verify MFA method. Request requires a header called ''slpt-forwarding'', and it must contain a remote IP Address of caller.'
security:
- UserContextAuth:
- 'idn:mfa:verify'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
userId:
type: string
nullable: false
description: User identifier for Verification request. The value of the user's attribute.
example: example@mail.com
required:
- userId
example:
userId: example@mail.com
responses:
'200':
description: The status of verification request.
content:
application/json:
schema:
type: object
properties:
requestId:
type: string
nullable: true
description: The verificationPollRequest request ID
example: 089899f13a8f4da7824996191587bab9
status:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
- LOCKOUT
- NOT_ENOUGH_DATA
description: MFA Authentication status
example: SUCCESS
error:
type: string
nullable: true
description: Error messages from MFA verification request
example: Unable to connect DUO Service during verification
example:
requestId: 089899f13a8f4da7824996191587bab9
status: SUCCESS
error: ''
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/duo-web/verify:
post:
operationId: sendDuoVerifyRequest
tags:
- MFA Controller
summary: Verifying authentication via Duo method
description: This API Authenticates the user via Duo-Web MFA method.
security:
- UserContextAuth:
- 'idn:mfa:verify'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
userId:
type: string
nullable: false
description: User id for Verification request.
example: 2c9180947f0ef465017f215cbcfd004b
signedResponse:
type: string
nullable: false
description: User id for Verification request.
example: 'AUTH|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjUzMDg5|f1f5f8ced5b340f3d303b05d0efa0e43b6a8f970:APP|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjU2NjE5|cb44cf44353f5127edcae31b1da0355f87357db2'
required:
- userId
- signedResponse
example:
userId: 2c9180947f0ef465017f215cbcfd004b
signedResponse: 'AUTH|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjUzMDg5|f1f5f8ced5b340f3d303b05d0efa0e43b6a8f970:APP|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjU2NjE5|cb44cf44353f5127edcae31b1da0355f87357db2'
responses:
'200':
description: The status of verification request.
content:
application/json:
schema:
type: object
properties:
requestId:
type: string
nullable: true
description: The verificationPollRequest request ID
example: 089899f13a8f4da7824996191587bab9
status:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
- LOCKOUT
- NOT_ENOUGH_DATA
description: MFA Authentication status
example: SUCCESS
error:
type: string
nullable: true
description: Error messages from MFA verification request
example: Unable to connect DUO Service during verification
example:
requestId: 089899f13a8f4da7824996191587bab9
status: SUCCESS
error: ''
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/mfa/{method}/poll':
post:
operationId: pingVerificationStatus
tags:
- MFA Controller
summary: Polling MFA method by VerificationPollRequest
description: This API poll the VerificationPollRequest for the specified MFA method. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:mfa:poll'
parameters:
- in: path
name: method
schema:
type: string
example: okta-verify
required: true
description: 'The name of the MFA method. The currently supported method names are ''okta-verify'', ''duo-web'', ''kba'',''token'', ''rsa'''
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
requestId:
type: string
nullable: false
description: Verification request Id
example: 089899f13a8f4da7824996191587bab9
required:
- requestId
example:
requestId: 089899f13a8f4da7824996191587bab9
responses:
'200':
description: MFA VerificationPollRequest status an MFA method.
content:
application/json:
schema:
type: object
properties:
requestId:
type: string
nullable: true
description: The verificationPollRequest request ID
example: 089899f13a8f4da7824996191587bab9
status:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
- LOCKOUT
- NOT_ENOUGH_DATA
description: MFA Authentication status
example: SUCCESS
error:
type: string
nullable: true
description: Error messages from MFA verification request
example: Unable to connect DUO Service during verification
example:
requestId: 089899f13a8f4da7824996191587bab9
status: PENDING
error: ''
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/kba/authenticate:
post:
operationId: sendKbaAnswers
tags:
- MFA Controller
summary: Authenticate KBA provided MFA method
description: This API Authenticate user in KBA MFA method.
security:
- UserContextAuth:
- 'idn:mfa-kba:authenticate'
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
nullable: false
description: Question Id
example: c54fee53-2d63-4fc5-9259-3e93b9994135
answer:
type: string
nullable: false
description: An answer for the KBA question
example: Your answer
required:
- id
- answer
example:
- id: '173423'
answer: 822cd15d6c15aa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a0859a2fea34
- id: c54fee53-2d63-4fc5-9259-3e93b9994135
answer: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
responses:
'200':
description: KBA authenticated status.
content:
application/json:
schema:
type: object
properties:
kbaAuthResponseItems:
type: array
example:
- questionId: 089899f13a8f4da7824996191587bab9
isVerified: false
items:
type: object
properties:
questionId:
type: string
nullable: true
description: The KBA question id
example: 089899f13a8f4da7824996191587bab9
isVerified:
type: boolean
nullable: true
default: null
description: Return true if verified
example: true
status:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
- LOCKOUT
- NOT_ENOUGH_DATA
description: MFA Authentication status
example: PENDING
example:
kbaAuthResponseItem:
- questionId: 089899f13a8f4da7824996191587bab9
IsVerified: false
- questionId: 089899f13a8f4da7824996191587bda8
IsVerified: true
status: PENDING
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/token/authenticate:
post:
operationId: sendTokenAuthRequest
tags:
- MFA Controller
summary: Authenticate Token provided MFA method
description: This API Authenticate user in Token MFA method.
security:
- UserContextAuth:
- 'idn:mfa:verify'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
token:
nullable: false
type: string
description: Token value
example: '12345'
userAlias:
nullable: false
type: string
description: User alias from table spt_identity field named 'name'
example: will.albin
deliveryType:
nullable: false
type: string
enum:
- SMS_PERSONAL
- VOICE_PERSONAL
- SMS_WORK
- VOICE_WORK
- EMAIL_WORK
- EMAIL_PERSONAL
description: Token delivery type
example: EMAIL_WORK
required:
- token
- userAlias
- deliveryType
example:
token: '12345'
userAlias: will.albin
deliveryType: EMAIL_WORK
responses:
'200':
description: Token authenticated status.
content:
application/json:
schema:
type: object
properties:
status:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
- LOCKOUT
- NOT_ENOUGH_DATA
description: MFA Authentication status
example: PENDING
example:
status: PENDING
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/token/send:
post:
operationId: createSendToken
tags:
- MFA Controller
summary: Create and send user token
description: This API send token request.
security:
- UserContextAuth:
- 'idn:mfa:send'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
userAlias:
nullable: false
type: string
description: User alias from table spt_identity field named 'name'
example: will.albin
deliveryType:
nullable: false
type: string
enum:
- SMS_PERSONAL
- VOICE_PERSONAL
- SMS_WORK
- VOICE_WORK
- EMAIL_WORK
- EMAIL_PERSONAL
description: Token delivery type
example: EMAIL_WORK
required:
- userAlias
- deliveryType
example:
userAlias: will.albin
deliveryType: EMAIL_WORK
responses:
'200':
description: Token send status.
content:
application/json:
schema:
type: object
properties:
requestId:
type: string
nullable: true
description: The token request ID
example: 089899f13a8f4da7824996191587bab9
status:
type: string
enum:
- SUCCESS
- FAILED
description: Status of sending token
example: SUCCESS
errorMessage:
type: string
nullable: true
description: Error messages from token send request
example: Unable to sent text message
example:
requestId: 089899f13a8f4da7824996191587bab9
status: SUCCESS
errorMessage: ''
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/notification-template-defaults:
get:
operationId: listNotificationTemplateDefaults
tags:
- Notifications
summary: List Notification Template Defaults
description: 'This lists the default templates used for notifications, such as emails from IdentityNow.'
security:
- UserContextAuth:
- 'idn:notification-template-defaults:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
schema:
type: string
example: key eq "cloud_manual_work_item_summary"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**key**: *eq, in, sw*
**medium**: *eq, sw*
**locale**: *eq, sw*
responses:
'200':
description: A list of the default template objects
content:
application/json:
schema:
type: array
items:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
description: The key of the default template
name:
type: string
example: Task Manager Subscription
description: The name of the default template
medium:
type: string
description: The message medium. More mediums may be added in the future.
enum:
- EMAIL
- PHONE
- SMS
- SLACK
- TEAMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
subject:
type: string
example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.'
description: The subject of the default template
nullable: true
header:
type: string
nullable: true
example: null
deprecated: true
description: 'The header value is now located within the body field. If included with non-null values, will result in a 400.'
body:
type: string
example: Please go to the task manager
description: The body of the default template
footer:
type: string
nullable: true
example: null
deprecated: true
description: 'The footer value is now located within the body field. If included with non-null values, will result in a 400.'
from:
type: string
example: $__global.emailFromAddress
description: 'The "From:" address of the default template'
nullable: true
replyTo:
type: string
example: $__global.emailFromAddress
description: The "Reply To" field of the default template
nullable: true
description:
type: string
example: Daily digest - sent if number of outstanding tasks for task owner > 0
description: The description of the default template
nullable: true
slackTemplate:
type: object
nullable: true
properties:
key:
type: string
nullable: true
text:
type: string
blocks:
type: string
nullable: true
attachments:
type: string
notificationType:
type: string
nullable: true
approvalId:
type: string
nullable: true
requestId:
type: string
nullable: true
requestedById:
type: string
nullable: true
isSubscription:
type: boolean
nullable: true
autoApprovalData:
type: object
nullable: true
properties:
isAutoApproved:
type: string
nullable: true
itemId:
type: string
nullable: true
itemType:
type: string
nullable: true
autoApprovalMessageJSON:
type: string
nullable: true
autoApprovalTitle:
type: string
nullable: true
customFields:
type: object
nullable: true
properties:
requestType:
type: string
nullable: true
containsDeny:
type: string
nullable: true
campaignId:
type: string
nullable: true
campaignStatus:
type: string
nullable: true
teamsTemplate:
type: object
nullable: true
properties:
key:
type: string
nullable: true
title:
type: string
nullable: true
text:
type: string
messageJSON:
type: string
nullable: true
isSubscription:
type: boolean
nullable: true
approvalId:
type: string
nullable: true
requestId:
type: string
nullable: true
requestedById:
type: string
nullable: true
notificationType:
type: string
nullable: true
autoApprovalData:
type: object
nullable: true
properties:
isAutoApproved:
type: string
nullable: true
itemId:
type: string
nullable: true
itemType:
type: string
nullable: true
autoApprovalMessageJSON:
type: string
nullable: true
autoApprovalTitle:
type: string
nullable: true
customFields:
type: object
nullable: true
properties:
requestType:
type: string
nullable: true
containsDeny:
type: string
nullable: true
campaignId:
type: string
nullable: true
campaignStatus:
type: string
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/notification-templates:
get:
operationId: listNotificationTemplates
tags:
- Notifications
summary: List Notification Templates
description: This lists the templates that you have modified for your site.
security:
- UserContextAuth:
- 'idn:notification-templates:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**key**: *eq, in, sw*
**medium**: *eq, sw*
**locale**: *eq, sw*
example: medium eq "EMAIL"
responses:
'200':
description: A list of template objects for your site
content:
application/json:
schema:
type: array
items:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
description: The key of the template
name:
type: string
example: Task Manager Subscription
description: The name of the Task Manager Subscription
medium:
type: string
description: The message medium. More mediums may be added in the future.
enum:
- EMAIL
- PHONE
- SMS
- SLACK
- TEAMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
subject:
type: string
example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.'
description: The subject line in the template
header:
type: string
nullable: true
example: null
deprecated: true
description: 'The header value is now located within the body field. If included with non-null values, will result in a 400.'
body:
type: string
example: Please go to the task manager
description: The body in the template
footer:
type: string
nullable: true
example: null
deprecated: true
description: 'The footer value is now located within the body field. If included with non-null values, will result in a 400.'
from:
type: string
example: $__global.emailFromAddress
description: 'The "From:" address in the template'
replyTo:
type: string
example: $__global.emailFromAddress
description: The "Reply To" line in the template
description:
type: string
example: Daily digest - sent if number of outstanding tasks for task owner > 0
description: The description in the template
id:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
description: This is auto-generated.
created:
type: string
format: date-time
description: The time when this template is created. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when this template was last modified. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
slackTemplate:
type: string
nullable: true
teamsTemplate:
type: string
nullable: true
required:
- key
- medium
- locale
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createNotificationTemplate
tags:
- Notifications
summary: Create Notification Template
description: |-
This creates a template for your site.
You can also use this endpoint to update a template. First, copy the response body from the [get notification template endpoint](https://developer.sailpoint.com/idn/api/beta/get-notification-template) for a template you wish to update and paste it into the request body for this endpoint. Modify the fields you want to change and submit the POST request when ready.
security:
- UserContextAuth:
- 'idn:notification-templates:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
description: The key of the template
name:
type: string
example: Task Manager Subscription
description: The name of the Task Manager Subscription
medium:
type: string
description: The message medium. More mediums may be added in the future.
enum:
- EMAIL
- PHONE
- SMS
- SLACK
- TEAMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
subject:
type: string
example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.'
description: The subject line in the template
header:
type: string
nullable: true
example: null
deprecated: true
description: 'The header value is now located within the body field. If included with non-null values, will result in a 400.'
body:
type: string
example: Please go to the task manager
description: The body in the template
footer:
type: string
nullable: true
example: null
deprecated: true
description: 'The footer value is now located within the body field. If included with non-null values, will result in a 400.'
from:
type: string
example: $__global.emailFromAddress
description: 'The "From:" address in the template'
replyTo:
type: string
example: $__global.emailFromAddress
description: The "Reply To" line in the template
description:
type: string
example: Daily digest - sent if number of outstanding tasks for task owner > 0
description: The description in the template
id:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
description: This is auto-generated.
created:
type: string
format: date-time
description: The time when this template is created. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when this template was last modified. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
slackTemplate:
type: string
nullable: true
teamsTemplate:
type: string
nullable: true
required:
- key
- medium
- locale
responses:
'200':
description: A template object for your site
content:
application/json:
schema:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
description: The key of the template
name:
type: string
example: Task Manager Subscription
description: The name of the Task Manager Subscription
medium:
type: string
description: The message medium. More mediums may be added in the future.
enum:
- EMAIL
- PHONE
- SMS
- SLACK
- TEAMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
subject:
type: string
example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.'
description: The subject line in the template
header:
type: string
nullable: true
example: null
deprecated: true
description: 'The header value is now located within the body field. If included with non-null values, will result in a 400.'
body:
type: string
example: Please go to the task manager
description: The body in the template
footer:
type: string
nullable: true
example: null
deprecated: true
description: 'The footer value is now located within the body field. If included with non-null values, will result in a 400.'
from:
type: string
example: $__global.emailFromAddress
description: 'The "From:" address in the template'
replyTo:
type: string
example: $__global.emailFromAddress
description: The "Reply To" line in the template
description:
type: string
example: Daily digest - sent if number of outstanding tasks for task owner > 0
description: The description in the template
id:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
description: This is auto-generated.
created:
type: string
format: date-time
description: The time when this template is created. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when this template was last modified. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
slackTemplate:
type: string
nullable: true
teamsTemplate:
type: string
nullable: true
required:
- key
- medium
- locale
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/notification-templates/{id}':
get:
operationId: getNotificationTemplate
tags:
- Notifications
summary: Get Notification Template By Id
description: This gets a template that you have modified for your site by Id.
parameters:
- name: id
in: path
description: Id of the Notification Template
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: A template object for your site
content:
application/json:
schema:
type: array
items:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
description: The key of the template
name:
type: string
example: Task Manager Subscription
description: The name of the Task Manager Subscription
medium:
type: string
description: The message medium. More mediums may be added in the future.
enum:
- EMAIL
- PHONE
- SMS
- SLACK
- TEAMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
subject:
type: string
example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.'
description: The subject line in the template
header:
type: string
nullable: true
example: null
deprecated: true
description: 'The header value is now located within the body field. If included with non-null values, will result in a 400.'
body:
type: string
example: Please go to the task manager
description: The body in the template
footer:
type: string
nullable: true
example: null
deprecated: true
description: 'The footer value is now located within the body field. If included with non-null values, will result in a 400.'
from:
type: string
example: $__global.emailFromAddress
description: 'The "From:" address in the template'
replyTo:
type: string
example: $__global.emailFromAddress
description: The "Reply To" line in the template
description:
type: string
example: Daily digest - sent if number of outstanding tasks for task owner > 0
description: The description in the template
id:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
description: This is auto-generated.
created:
type: string
format: date-time
description: The time when this template is created. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when this template was last modified. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
slackTemplate:
type: string
nullable: true
teamsTemplate:
type: string
nullable: true
required:
- key
- medium
- locale
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/notification-templates/bulk-delete:
post:
operationId: deleteNotificationTemplatesInBulk
tags:
- Notifications
summary: Bulk Delete Notification Templates
description: 'This lets you bulk delete templates that you previously created for your site. Since this is a beta feature, please contact support to enable usage.'
security:
- UserContextAuth:
- 'idn:notification-templates:delete'
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
medium:
type: string
enum:
- EMAIL
- PHONE
- SMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
required:
- key
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/oauth-clients:
get:
operationId: listOauthClients
security:
- UserContextAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: List OAuth Clients
description: This gets a list of OAuth clients.
parameters:
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**lastUsed**: *le, isnull*
example: 'lastUsed le 2023-02-05T10:59:27.214Z'
responses:
'200':
description: List of OAuth clients.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds an access token generated for this API Client is valid for
example: 750
refreshTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
secret:
type: string
nullable: true
metadata:
type: string
nullable: true
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createOauthClient
security:
- UserContextAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: Create OAuth Client
description: This creates an OAuth client.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
nullable: true
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds an access token generated for this API Client is valid for
example: 750
refreshTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client.
example:
- 'http://localhost:12345'
- 'http://localhost:67890'
grantTypes:
type: array
nullable: true
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal within the product.
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: 'Scopes of the API Client. If no scope is specified, the client will be created with the default scope "sp:scopes:all". This means the API Client will have all the rights of the owner who created it.'
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- name
- description
- accessTokenValiditySeconds
- grantTypes
- accessType
- enabled
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
secret:
type: string
description: Secret of the OAuth client (This field is only returned on the intial create call.)
example: 5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3
businessName:
type: string
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds an access token generated for this API Client is valid for
example: 750
refreshTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
redirectUris:
type: array
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- secret
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/oauth-clients/{id}':
get:
operationId: getOauthClient
security:
- UserContextAuth:
- 'sp:oauth-client:manage'
- 'sp:oauth-client:read'
tags:
- OAuth Clients
summary: Get OAuth Client
description: This gets details of an OAuth client.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The OAuth client id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds an access token generated for this API Client is valid for
example: 750
refreshTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
secret:
type: string
nullable: true
metadata:
type: string
nullable: true
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteOauthClient
security:
- UserContextAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: Delete OAuth Client
description: This deletes an OAuth client.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The OAuth client id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchOauthClient
security:
- UserContextAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: Patch OAuth Client
description: |-
This performs a targeted update to the field(s) of an OAuth client.
Request will require a security scope of
- sp:oauth-client:manage
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The OAuth client id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* tenant
* businessName
* homepageUrl
* name
* description
* accessTokenValiditySeconds
* refreshTokenValiditySeconds
* redirectUris
* grantTypes
* accessType
* enabled
* strongAuthSupported
* claimsSupported
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /strongAuthSupported
value: true
- op: replace
path: /businessName
value: acme-solar
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the OAuth client''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds an access token generated for this API Client is valid for
example: 750
refreshTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
secret:
type: string
nullable: true
metadata:
type: string
nullable: true
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/org-config:
get:
operationId: getOrgConfig
tags:
- Org Config
summary: Get Org configuration settings
security:
- UserContextAuth:
- 'idn:org-configs:read'
- 'idn:org-configs:manage'
description: Get org configuration with only external (org admin) accessible properties for the current org.
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
description: DTO class for OrgConfig data accessible by customer external org admin ("ORG_ADMIN") users
properties:
orgName:
type: string
description: The name of the org.
example: acme-solar
timeZone:
type: string
description: The selected time zone which is to be used for the org. This directly affects when scheduled tasks are executed. Valid options can be found at /beta/org-config/valid-time-zones
example: America/Toronto
lcsChangeHonorsSourceEnableFeature:
type: boolean
description: Flag to determine whether the LCS_CHANGE_HONORS_SOURCE_ENABLE_FEATURE flag is enabled for the current org.
example: false
armCustomerId:
type: string
description: ARM Customer ID
nullable: true
example: DE38E75A-5FF6-4A65-5DC7-08D64426B09E
armSapSystemIdMappings:
type: string
description: 'A list of IDN::sourceId to ARM::systemId mappings.'
nullable: true
example:
- sourceId: 2c91808c791a94e501792388b0d62659
systemId: '1556'
- sourceId: 2_2c91808c791a94e501792388b0d62659
systemId: '2_1556'
- sourceId: 3_2c91808c791a94e501792388b0d62659
systemId: '3_1556'
armAuth:
type: string
description: ARM authentication string
nullable: true
example: epiYNTRYA2S7swisDWk1Zv4VMNgvqEjiBh5_ufuCWsma2m-5XADijqBg0ijXLby5nS6lxZNXabhGnAPGeDGc4V3jQKrhwV-UHypRLs8ZLgOjiQNus9NimS0uPdKomRW6TFWqXyfnYd-znNgbbVuwUy9GyD9ebDVJSntPastxSx7UcyGuWBqfNZYpuxKRWe_7TVY60qL55jUqyz8N4XUbbdcxdbZ0uik6ut-Bv90MKTbZexBW_PR4qcgIkaEs4kIenLyBxnGziYo7AO0tJ8bGHO8FJRkibCpAQIt7PISLo7Gg_Xf9j10dKq2YDgy4pPTvz3fE2ZHYnXCXvXFSA-vVag==
armDb:
type: string
description: ARM database name
nullable: true
example: EU
armSsoUrl:
type: string
description: ARM SSO URL
nullable: true
example: 'https://your-arm-sso-url'
iaiEnableCertificationRecommendations:
type: boolean
description: Flag to determine whether IAI Certification Recommendations are enabled for the current org
example: true
sodReportConfigs:
type: array
items:
type: object
properties:
columnName:
type: string
description: Name of column in report
example: SOD Business Name
required:
type: boolean
description: 'If true, column is required in all reports, and this entry is immutable. A 400 error will result from any attempt to modify the column''s definition.'
example: true
default: false
included:
type: boolean
description: 'If true, column is included in the report. A 400 error will be thrown if an attempt is made to set included=false if required==true.'
example: false
default: false
order:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: Relative sort order for the column. Columns will be displayed left-to-right in nondecreasing order.
example: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchOrgConfig
tags:
- Org Config
summary: Patch an Org configuration property
security:
- UserContextAuth:
- 'idn:org-configs:manage'
description: 'Patch configuration of the current org using http://jsonpatch.com/ syntax. Commonly used for changing the time zone of an org.'
requestBody:
description: 'A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /timeZone
value: America/Toronto
required: true
responses:
'200':
description: The Org was successfully patched.
content:
application/json:
schema:
type: object
description: DTO class for OrgConfig data accessible by customer external org admin ("ORG_ADMIN") users
properties:
orgName:
type: string
description: The name of the org.
example: acme-solar
timeZone:
type: string
description: The selected time zone which is to be used for the org. This directly affects when scheduled tasks are executed. Valid options can be found at /beta/org-config/valid-time-zones
example: America/Toronto
lcsChangeHonorsSourceEnableFeature:
type: boolean
description: Flag to determine whether the LCS_CHANGE_HONORS_SOURCE_ENABLE_FEATURE flag is enabled for the current org.
example: false
armCustomerId:
type: string
description: ARM Customer ID
nullable: true
example: DE38E75A-5FF6-4A65-5DC7-08D64426B09E
armSapSystemIdMappings:
type: string
description: 'A list of IDN::sourceId to ARM::systemId mappings.'
nullable: true
example:
- sourceId: 2c91808c791a94e501792388b0d62659
systemId: '1556'
- sourceId: 2_2c91808c791a94e501792388b0d62659
systemId: '2_1556'
- sourceId: 3_2c91808c791a94e501792388b0d62659
systemId: '3_1556'
armAuth:
type: string
description: ARM authentication string
nullable: true
example: epiYNTRYA2S7swisDWk1Zv4VMNgvqEjiBh5_ufuCWsma2m-5XADijqBg0ijXLby5nS6lxZNXabhGnAPGeDGc4V3jQKrhwV-UHypRLs8ZLgOjiQNus9NimS0uPdKomRW6TFWqXyfnYd-znNgbbVuwUy9GyD9ebDVJSntPastxSx7UcyGuWBqfNZYpuxKRWe_7TVY60qL55jUqyz8N4XUbbdcxdbZ0uik6ut-Bv90MKTbZexBW_PR4qcgIkaEs4kIenLyBxnGziYo7AO0tJ8bGHO8FJRkibCpAQIt7PISLo7Gg_Xf9j10dKq2YDgy4pPTvz3fE2ZHYnXCXvXFSA-vVag==
armDb:
type: string
description: ARM database name
nullable: true
example: EU
armSsoUrl:
type: string
description: ARM SSO URL
nullable: true
example: 'https://your-arm-sso-url'
iaiEnableCertificationRecommendations:
type: boolean
description: Flag to determine whether IAI Certification Recommendations are enabled for the current org
example: true
sodReportConfigs:
type: array
items:
type: object
properties:
columnName:
type: string
description: Name of column in report
example: SOD Business Name
required:
type: boolean
description: 'If true, column is required in all reports, and this entry is immutable. A 400 error will result from any attempt to modify the column''s definition.'
example: true
default: false
included:
type: boolean
description: 'If true, column is included in the report. A 400 error will be thrown if an attempt is made to set included=false if required==true.'
example: false
default: false
order:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: Relative sort order for the column. Columns will be displayed left-to-right in nondecreasing order.
example: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/org-config/valid-time-zones:
get:
operationId: getValidTimeZones
tags:
- Org Config
summary: Get list of time zones
security:
- UserContextAuth:
- 'idn:org-configs:read'
- 'idn:org-configs-user:read'
description: Get a list of valid time zones that can be set in org configurations.
responses:
'200':
description: Request successful
content:
application/json:
schema:
type: array
items:
type: string
example:
- Etc/GMT-6
- Etc/GMT+8
- EST
- America/Chicago
- America/Toronto
- Asia/Gaza
- Europe/Brussels
- Europe/Kiev
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/outlier-summaries:
get:
operationId: getIdentityOutlierSnapshots
tags:
- IAI Outliers
summary: IAI Identity Outliers Summary
description: |-
This API receives a summary containing: the number of identities that customer has, the number of outliers, and the type of outlier
Requires authorization scope of 'iai:outliers-management:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- name: type
in: query
description: Type of the identity outliers snapshot to filter on
required: false
schema:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**snapshotDate**: *ge, le*
example: 'snapshotDate ge "2022-02-07T20:13:29.356648026Z"'
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **snapshotDate**
example: snapshotDate
required: false
responses:
'200':
description: Succeeded. Returns list of objects. Each object is a summary to give high level statistics/counts of outliers
headers:
X-Total-Count:
description: The total result count.
schema:
type: integer
content:
application/json:
schema:
type: array
items:
type: object
properties:
type:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
description: The type of outlier summary
example: LOW_SIMILARITY
snapshotDate:
type: string
format: date-time
description: The date the bulk outlier detection ran/snapshot was created
example: '2021-05-01T18:40:35.772Z'
totalOutliers:
type: integer
description: Total number of outliers for the customer making the request
example: 50
totalIdentities:
type: integer
description: Total number of identities for the customer making the request
example: 5000
totalIgnored:
type: integer
default: 0
example: 0
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/outlier-summaries/latest:
get:
operationId: getLatestIdentityOutlierSnapshots
tags:
- IAI Outliers
summary: IAI Identity Outliers Latest Summary
description: |-
This API returns a most recent snapshot of each outlier type, each containing: the number of identities that customer has, the number of outliers, and the type of outlier
Requires authorization scope of 'iai:outliers-management:read'
parameters:
- name: type
in: query
description: Type of the identity outliers snapshot to filter on
required: false
schema:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
responses:
'200':
description: Succeeded. Returns list of objects. Each object is a summary to give high level statistics/counts of outliers
content:
application/json:
schema:
type: array
items:
type: object
properties:
type:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
description: The type of outlier summary
example: LOW_SIMILARITY
snapshotDate:
type: string
format: date-time
description: The date the bulk outlier detection ran/snapshot was created
example: '2021-05-01T18:40:35.772Z'
totalOutliers:
type: integer
description: Total number of outliers for the customer making the request
example: 50
totalIdentities:
type: integer
description: Total number of identities for the customer making the request
example: 5000
totalIgnored:
type: integer
description: Total number of ignored outliers
example: 10
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/outliers:
get:
operationId: getIdentityOutliers
tags:
- IAI Outliers
summary: IAI Get Identity Outliers
description: |-
This API receives a list of outliers, containing data such as: identityId, outlier type, detection dates, identity attributes, if identity is ignore, and certification information
Requires authorization scope of 'iai:outliers-management:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: type
in: query
description: Type of the identity outliers snapshot to filter on
required: false
schema:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
example: LOW_SIMILARITY
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**attributes**: *eq, sw, co, in*
**firstDetectionDate**: *ge, le*
**certStatus**: *eq*
**ignored**: *eq*
**score**: *ge, le*
example: attributes.displayName sw "John" and certStatus eq "false"
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **firstDetectionDate, attributes, score**
example: 'attributes.displayName,firstDetectionDate,-score'
responses:
'200':
description: Succeeded. Returns list of objects. Each object contains information about outliers
headers:
X-Total-Count:
description: The total result count.
schema:
type: integer
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The identity's unique identifier for the outlier record
example: 5be33d3e-c54d-4ed7-af73-2380543e8283
identityId:
type: string
description: The ID of the identity that is detected as an outlier
example: 5be33d3e-c54d-4ed7-af73-2380543e8283
type:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
description: The type of outlier summary
example: LOW_SIMILARITY
firstDetectionDate:
type: string
format: date-time
description: The first date the outlier was detected
example: '2021-05-01T18:40:35.772Z'
latestDetectionDate:
type: string
format: date-time
description: The most recent date the outlier was detected
example: '2021-05-03T18:40:35.772Z'
ignored:
type: boolean
description: Flag whether or not the outlier has been ignored
example: false
attributes:
type: object
description: Object containing mapped identity attributes
example:
displayName: John Smith
jobTitle: Software Engineer
department: Engineering
score:
type: number
format: float
description: The outlier score determined by the detection engine ranging from 0..1
example: 0.92
unignoreType:
type: string
enum:
- MANUAL
- AUTOMATIC
- null
description: Enum value of if the outlier manually or automatically un-ignored. Will be NULL if outlier is not ignored
example: MANUAL
nullable: true
unignoreDate:
type: string
format: date-time
description: shows date when last time has been unignored outlier
example: '2021-06-01T18:40:35.772Z'
nullable: true
ignoreDate:
type: string
format: date-time
description: shows date when last time has been ignored outlier
example: '2021-06-01T18:40:35.772Z'
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/outliers/{outlierId}/contributing-features':
get:
operationId: getPeerGroupOutliersContributingFeatures
tags:
- IAI Outliers
summary: Get identity outlier's contibuting features
description: |-
This API returns a list of contributing feature objects for a single outlier. The object contains: feature name, feature value type, value, importance, display name (translated text or message key), description (translated text or message key), translation messages object
Requires authorization scope of 'iai:outliers-management:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: include-translation-messages
in: query
description: Whether or not to include translation messages object in returned response
required: false
schema:
type: string
example: include-translation-messages=
- in: path
example: 2c918085842e69ae018432d22ccb212f
name: outlierId
schema:
type: string
required: true
description: The outlier id
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: importance
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **importance**
responses:
'200':
description: Succeeded. Returns list of objects. Each object contains a feature and metadata about that feature
headers:
X-Total-Count:
description: The total result count.
schema:
type: integer
accept-language:
description: The locale to use for translations for displayName and description text
schema:
type: string
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Contributing feature id
example: 66e38828-5017-47af-92ff-9844871352c5
name:
type: string
description: The name of the feature
example: entitlement_count
valueType:
type: string
enum:
- INTEGER
- FLOAT
description: The data type of the value field
example: INTEGER
value:
oneOf:
- type: number
format: float
minimum: 0
maximum: 1
- type: integer
format: int64
description: The feature value
example: 0.92
importance:
type: number
format: float
description: The importance of the feature. This can also be a negative value
minimum: -1
maximum: 1
example: -0.15
displayName:
type: string
description: The (translated if header is passed) displayName for the feature
example: Number of entitlements
description:
type: string
description: The (translated if header is passed) description for the feature
example: The total number of entitlements belonging to an identity
translationMessages:
type: object
properties:
displayName:
type: object
properties:
key:
type: string
description: The key of the translation message
example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
type: array
description: The values corresponding to the translation messages
items:
type: string
example:
- '75'
- department
description:
type: object
properties:
key:
type: string
description: The key of the translation message
example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
type: array
description: The values corresponding to the translation messages
items:
type: string
example:
- '75'
- department
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/outliers/{outlierId}/feature-details/{contributingFeatureName}/access-items':
get:
operationId: listOutliersContributingFeatureAccessItems
tags:
- IAI Outliers
summary: Gets a list of access items associated with each identity outlier contributing feature
description: |-
This API returns a list of the enriched access items associated with each feature filtered by the access item type The object contains: accessItemId, display name (translated text or message key), description (translated text or message key), accessType, sourceName, extremelyRare
Requires authorization scope of 'iai:outliers-management:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: path
name: outlierId
schema:
type: string
required: true
description: The outlier id
example: 2c918085842e69ae018432d22ccb212f
- in: path
name: contributingFeatureName
schema:
type: string
enum:
- radical_entitlement_count
- entitlement_count
- max_jaccard_similarity
- mean_max_bundle_concurrency
- single_entitlement_bundle_count
- peerless_score
required: true
description: The name of contributing feature
example: entitlement_count
- in: query
name: accessType
required: false
schema:
type: string
description: 'The type of access item for the identity outlier contributing feature. If not provided, it returns all'
example: ENTITLEMENT
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: displayName
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **displayName**
responses:
'200':
description: The list of access items.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the access item
example: 2c938083633d259901633d2623ec0375
displayName:
type: string
description: the display name of the access item
example: Applied Research Access
description:
type: string
description: Description of the access item.
example: 'Access to research information, lab results, and schematics'
accessType:
type: string
example: ENTITLEMENT
description: The type of the access item.
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
sourceName:
type: string
example: appName
description: the associated source name if it exists
extremelyRare:
type: boolean
default: false
example: true
description: rarest access
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'iai:outliers-management:read'
/outliers/ignore:
post:
operationId: ignoreIdentityOutliers
tags:
- IAI Outliers
summary: IAI Identity Outliers Ignore
description: |-
This API receives a list of IdentityIDs in the request, changes the outliers to be ignored--returning a 204 if successful.
Requires authorization scope of 'iai:outliers-management:update'
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: string
description: List of identity IDs to ignore from outlier listing
example:
- abc123def456
- ghi789jkl012
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/outliers/unignore:
post:
operationId: unIgnoreIdentityOutliers
tags:
- IAI Outliers
summary: IAI Identity Outliers Unignore
description: |-
This API receives a list of IdentityIDs in the request, changes the outliers to be un-ignored--returning a 204 if successful.
Requires authorization scope of 'iai:outliers-management:update'
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: string
description: List of identity IDs to un-ignore from outlier listing
example:
- abc123def456
- ghi789jkl012
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/outliers/export:
get:
operationId: exportOutliersZip
tags:
- IAI Outliers
summary: IAI Identity Outliers Export
description: |-
This API exports a list of ignored outliers to a CSV as well as list of non-ignored outliers to a CSV. These two CSVs will be zipped and exported Columns will include: identityID, type, firstDetectionDate, latestDetectionDate, ignored, & attributes (defined set of identity attributes)
Requires authorization scope of 'iai:outliers-management:read'
parameters:
- name: type
in: query
description: Type of the identity outliers snapshot to filter on
required: false
schema:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
responses:
'200':
description: Succeeded. Returns zip of 2 CSVs to download. 1 CSV for ignored outliers and 1 for non-ignored outliers
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/outlier-feature-summaries/{outlierFeatureId}':
get:
operationId: getOutlierContributingFeatureSummary
tags:
- IAI Outliers
summary: Get identity outlier contibuting feature summary
description: |-
This API returns a summary of a contributing feature for an identity outlier. The object contains: contributing feature name (translated text or message key), identity outlier display name, feature values, feature definition and explanation (translated text or message key), peer display name and identityId, access item reference, translation messages object
Requires authorization scope of 'iai:outliers-management:read'
parameters:
- in: path
name: outlierFeatureId
schema:
type: string
required: true
description: Contributing feature id
example: 04654b66-7561-4090-94f9-abee0722a1af
responses:
'200':
description: Succeeded. Returns selected contributing feature summary for an outlier
headers:
accept-language:
description: The locale to use for translations
schema:
type: string
content:
application/json:
schema:
type: object
properties:
contributingFeatureName:
type: string
description: Contributing feature name
example: Rare Access
identityOutlierDisplayName:
type: string
description: Identity display name
example: John Smith
outlierFeatureDisplayValues:
type: array
items:
type: object
properties:
displayName:
type: string
example: Aliza Chris
description: display name
value:
type: string
example: 55
description: value
valueType:
type: string
enum:
- INTEGER
- FLOAT
description: The data type of the value field
example: INTEGER
featureDefinition:
type: string
description: Definition of the feature
example: Identity total number of entitlements
featureExplanation:
type: string
description: Detailed explanation of the feature
example: An identity that has too much rare access has a higher change of becoming a security threat due to the unique access they possess
peerDisplayName:
type: string
description: outlier's peer identity display name
example: Mary Jane
peerIdentityId:
type: string
description: outlier's peer identity id
example: 9f9d5d53ad0e48fba7352f6da9f1b8gbg
accessItemReference:
type: object
description: Access Item reference
example:
displayName: All Rare Entitlements
searchPlaceholder: Search by name or description
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'iai:outliers-management:read'
/password-dictionary:
get:
operationId: getPasswordDictionary
tags:
- Password Dictionary
summary: Get Password Dictionary
description: |-
This gets password dictionary for the organization.
A token with ORG_ADMIN authority is required to call this API.
The password dictionary file can contain lines that are:
1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing
2. empty lines
3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines
4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed;
maximum length of the line is 128 Unicode codepoints
Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line).
Password dict file must contain UTF-8 characters only.
# Sample password text file
```
# Password dictionary small test file
locale=en_US
# Password dictionary prohibited words
qwerty
abcd
aaaaa
password
qazxsws
```
security:
- UserContextAuth:
- 'idn:password-dictionary-management:read'
responses:
'200':
description: A password dictionary response
content:
text/plain:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putPasswordDictionary
tags:
- Password Dictionary
summary: Update Password Dictionary
description: |-
This updates password dictionary for the organization.
A token with ORG_ADMIN authority is required to call this API.
The password dictionary file can contain lines that are:
1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing
2. empty lines
3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines
4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed;
maximum length of the line is 128 Unicode codepoints
Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line).
Password dict file must contain UTF-8 characters only.
# Sample password text file
```
# Password dictionary small test file
locale=en_US
# Password dictionary prohibited words
qwerty
abcd
aaaaa
password
qazxsws
```
security:
- UserContextAuth:
- 'idn:password-dictionary:manage'
requestBody:
required: true
description: The password dictionary file to be uploaded.
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Successfully updated.
'201':
description: Created.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/query-password-info:
post:
operationId: queryPasswordInfo
tags:
- Password Management
summary: Query Password Info
description: |
This API is used to query password related information.
A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow)
is required to call this API. "API authority" refers to a token that only has the "client_credentials"
grant type, and therefore no user context. A [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens)
or a token generated with the [authorization_code](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow)
grant type will **NOT** work on this endpoint, and a `403 Forbidden` response
will be returned.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
userName:
type: string
description: The login name of the user
example: Abby.Smith
sourceName:
type: string
description: The display name of the source
example: My-AD
example:
userName: Abby.Smith
sourceName: My-AD
responses:
'200':
description: Reference to the password info.
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
example: 2c918085744fec4301746f9a5bce4605
sourceId:
type: string
example: 2c918083746f642c01746f990884012a
publicKeyId:
type: string
example: N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh
publicKey:
type: string
description: User's public key with Base64 encoding
example: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB
accounts:
type: array
description: Account info related to queried identity and source
items:
type: object
properties:
accountId:
type: string
description: 'Account ID of the account. This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350'
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
accountName:
type: string
description: 'Display name of the account. This is specified per account schema in the source configuration. It is used to display name of the account. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-Name-for/ta-p/74008'
example: Abby.Smith
policies:
type: array
description: Password constraints
items:
type: string
example:
- passwordRepeatedChar is 3
- passwordMinAlpha is 1
- passwordMinLength is 5
- passwordMinNumeric is 1
example:
identityId: 2c918085744fec4301746f9a5bce4611
sourceId: 2c918083746f642c01746f9908840111
publicKeyId: N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVA
publicKey: AIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB
accounts:
- accountId: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
accountName: Abby.Smith
policies:
- passwordRepeatedChar is 3
- passwordMinAlpha is 1
- passwordMinLength is 5
- passwordMinNumeric is 1
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/set-password:
post:
operationId: setIdentityPassword
tags:
- Password Management
summary: Set Identity's Password
security:
- UserContextAuth:
- 'idn:password-change:manage'
description: |
This API is used to set a password for an identity.
An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their ISC user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).
A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password or the password of any of the identity's accounts.
"API authority" refers to a token that only has the "client_credentials" grant type.
>**Note: If you want to set an identity's source account password, you must enable `PASSWORD` as one of the source's features. You can use the [PATCH Source endpoint](https://developer.sailpoint.com/docs/api/v3/update-source) to add the `PASSWORD` feature.**
You can use this endpoint to generate an `encryptedPassword` (RSA encrypted using publicKey).
To do so, follow these steps:
1. Use [Query Password Info](https://developer.sailpoint.com/idn/api/v3/query-password-info) to get the following information: `identityId`, `sourceId`, `publicKeyId`, `publicKey`, `accounts`, and `policies`.
2. Choose an account from the previous response that you will provide as an `accountId` in your request to set an encrypted password.
3. Use [Set Identity's Password](https://developer.sailpoint.com/idn/api/v3/set-password) and provide the information you got from your earlier query. Then add this code to your request to get the encrypted password:
```java
import javax.crypto.Cipher;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java util.Base64;
String encrypt(String publicKey, String toEncrypt) throws Exception {
byte[] publicKeyBytes = Base64.getDecoder().decode(publicKey);
byte[] encryptedBytes = encryptRsa(publicKeyBytes, toEncrypt.getBytes("UTF-8"));
return Base64.getEncoder().encodeToString(encryptedBytes);
}
private byte[] encryptRsa(byte[] publicKeyBytes, byte[] toEncryptBytes) throws Exception {
PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(publicKeyBytes));
String transformation = "RSA/ECB/PKCS1Padding";
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(1, key);
return cipher.doFinal(toEncryptBytes);
}
```
In this example, `toEncrypt` refers to the plain text password you are setting and then encrypting, and the `publicKey` refers to the publicKey you got from the first request you sent.
You can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
description: The identity ID that requested the password change
example: 8a807d4c73c545510173c545f0a002ff
encryptedPassword:
type: string
description: The RSA encrypted password
example: XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==
publicKeyId:
type: string
description: The encryption key ID
example: YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2
accountId:
type: string
description: 'Account ID of the account This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350'
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
sourceId:
type: string
description: The ID of the source for which identity is requesting the password change
example: 8a807d4c73c545510173c545d4b60246
example:
identityId: 8a807d4c73c545510173c545f0a002ff
encryptedPassword: GIAP7TaAg7Y2EJtFojokBDvHQ/iXF3qk0z0+eLusqXMSkEhAfr34GydFLy+BM2uZB94cwbTYKi9rRrCRRdh8610VeqpRDjhuc28nOPYqTJOx09IGJdr8dl4mbhC1f21JCqMBBrFSA4VQQvd6OMVsceoXTjDI0aKahRYNjlMlsOuaIUZeNQxWBydLuR6vYG3qAKEPCzYZbvyYuBUylUWArfqwV4dgwKGDgDkTLBkQU9LVu3rssc+BXaex6l6JcBDiPg7wvKD1G3lZ+BaGrMknbx3j0T2Uivg+HxwTf7PmtAua6O9M7F984c79KM+sYFTU37MAdlWZu/cy+w2DdHVdCg==
publicKeyId: YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2
accountId: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
sourceId: 8a807d4c73c545510173c545d4b60246
responses:
'202':
description: Reference to the password change.
content:
application/json:
schema:
type: object
properties:
requestId:
type: string
nullable: true
description: The password change request ID
example: 089899f13a8f4da7824996191587bab9
state:
type: string
enum:
- IN_PROGRESS
- FINISHED
- FAILED
description: Password change state
examples:
Password change is in progress:
value:
state: IN_PROGRESS
requestId: 089899f13a8f4da7824996191587bab9
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/password-change-status/{id}':
get:
operationId: getIdentityPasswordChangeStatus
tags:
- Password Management
summary: Get Password Change Request Status
description: This API returns the status of a password change request. A token with identity owner or trusted API client application authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
responses:
'200':
description: Status of the password change request
content:
application/json:
schema:
type: object
properties:
requestId:
type: string
nullable: true
description: The password change request ID
example: 089899f13a8f4da7824996191587bab9
state:
type: string
enum:
- IN_PROGRESS
- FINISHED
- FAILED
description: Password change state
errors:
type: array
items:
type: string
description: The errors during the password change request
sourceIds:
type: array
items:
type: string
description: List of source IDs in the password change request
example:
status: IN_PROCESS
reqeustId: 089899f13a8f4da7824996191587bab9
error: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/password-sync-groups:
get:
operationId: getPasswordSyncGroups
tags:
- Password Sync Groups
summary: Get Password Sync Group List
description: This API returns a list of password sync groups. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-sync-group-management:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: A list of password sync groups.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createPasswordSyncGroup
tags:
- Password Sync Groups
summary: Create Password Sync Group
description: This API creates a password sync group based on the specifications provided. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-sync-group-management:write'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
responses:
'200':
description: Reference to the password sync group.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/password-sync-groups/{id}':
get:
operationId: getPasswordSyncGroup
tags:
- Password Sync Groups
summary: Get Password Sync Group by ID
description: This API returns the sync group for the specified ID. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-sync-group-management:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of password sync group to retrieve.
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
responses:
'200':
description: Reference to the password sync group.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 1
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: updatePasswordSyncGroup
tags:
- Password Sync Groups
summary: Update Password Sync Group by ID
description: This API updates the specified password sync group. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-sync-group-management:write'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of password sync group to update.
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
responses:
'200':
description: Reference to the password sync group.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deletePasswordSyncGroup
tags:
- Password Sync Groups
summary: Delete Password Sync Group by ID
description: This API deletes the specified password sync group. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-sync-group-management:write'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of password sync group to delete.
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/password-policies/{id}':
get:
operationId: getPasswordPolicyById
tags:
- Password Policies
summary: Get Password Policy by ID
description: This API returns the password policy for the specified ID. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-policy:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of password policy to retrieve.
example: ff808081838d9e9d01838da6a03e0005
responses:
'200':
description: Reference to the password policy.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: string
format: date-time
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: string
nullable: true
format: date-time
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
example:
description: Default Password Policy
id: 2c91808e7d976f3b017d9f5ceae440c8
name: Example PP
dateCreated: 1639056206564
lastUpdated: 1662385430753
firstExpirationReminder: 90
accountIdMinWordLength: 3
accountNameMinWordLength: 3
maxLength: 0
maxRepeatedChars: 4
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: true
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: false
validateAgainstAccountId: true
validateAgainstAccountName: true
sourceIds:
- 2c91808382ffee0b01830de154f14034
- 2c91808582ffee0c01830de36511405f
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setPasswordPolicy
tags:
- Password Policies
summary: Update Password Policy by ID
description: This API updates the specified password policy. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-policy:write'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of password policy to update.
example: ff808081838d9e9d01838da6a03e0007
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: string
format: date-time
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: string
nullable: true
format: date-time
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
example:
description: Password Policy after update.
id: 2c91808e7d976f3b017d9f5ceae440c8
name: Improved Password Policy
dateCreated: 1639056206564
lastUpdated: 1662385430753
firstExpirationReminder: 90
accountIdMinWordLength: 3
accountNameMinWordLength: 3
maxLength: 0
maxRepeatedChars: 4
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: false
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: false
validateAgainstAccountId: true
validateAgainstAccountName: true
sourceIds:
- 2c91808382ffee0b01830de154f14034
- 2c91808582ffee0c01830de36511405f
responses:
'200':
description: Reference to the password policy.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: string
format: date-time
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: string
nullable: true
format: date-time
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
example:
description: Password Policy after update.
id: 2c91808e7d976f3b017d9f5ceae440c8
name: Improved Password Policy
dateCreated: 1639056206564
lastUpdated: 1662385430753
firstExpirationReminder: 90
accountIdMinWordLength: 3
accountNameMinWordLength: 3
maxLength: 0
maxRepeatedChars: 4
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: false
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: false
validateAgainstAccountId: true
validateAgainstAccountName: true
sourceIds:
- 2c91808382ffee0b01830de154f14034
- 2c91808582ffee0c01830de36511405f
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deletePasswordPolicy
tags:
- Password Policies
summary: Delete Password Policy by ID
description: This API deletes the specified password policy. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-policy:write'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of password policy to delete.
example: ff808081838d9e9d01838da6a03e0002
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/password-policies:
post:
operationId: createPasswordPolicy
tags:
- Password Policies
summary: Create Password Policy
description: This API creates the specified password policy. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-policy:write'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: string
format: date-time
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: string
nullable: true
format: date-time
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
example:
description: New Password Policy with high requirements to password complexity.
id: null
name: High security Password Policy
dateCreated: 1639056206564
lastUpdated: 1662385430753
firstExpirationReminder: 90
accountIdMinWordLength: 3
accountNameMinWordLength: 3
maxLength: 0
maxRepeatedChars: 4
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: false
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: false
validateAgainstAccountId: true
validateAgainstAccountName: true
sourceIds:
- 2c91808382ffee0b01830de154f14034
- 2c91808582ffee0c01830de36511405f
responses:
'200':
description: Reference to the password policy.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: string
format: date-time
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: string
nullable: true
format: date-time
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listPasswordPolicies
tags:
- Password Policies
summary: List Password Policies
description: |-
This gets list of all Password Policies.
Requires role of ORG_ADMIN
security:
- UserContextAuth:
- 'idn:password-policy:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of all Password Policies.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: string
format: date-time
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: string
nullable: true
format: date-time
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
example:
- description: Example Password Policy
id: 2c91808e7d976f3b017d9f5ceae440c8
name: Example PP
dateCreated: 1639056206564
lastUpdated: 1662385430753
firstExpirationReminder: 90
accountIdMinWordLength: 3
accountNameMinWordLength: 3
maxLength: 0
maxRepeatedChars: 4
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: false
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: false
validateAgainstAccountId: true
validateAgainstAccountName: true
sourceIds:
- 2c91808382ffee0b01830de154f14034
- 2c91808582ffee0c01830de36511405f
- description: null
id: 2c91808780b8b8430180ff7a093f3bf2
name: Password Policy 1 test
dateCreated: 1653553629503
lastUpdated: null
firstExpirationReminder: null
accountIdMinWordLength: -1
accountNameMinWordLength: -1
maxLength: 0
maxRepeatedChars: -1
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: false
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: true
validateAgainstAccountId: false
validateAgainstAccountName: false
sourceIds: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/password-org-config:
get:
operationId: getPasswordOrgConfig
tags:
- Password Configuration
summary: Get Password Org Config
description: 'This API returns the password org config . Requires ORG_ADMIN, API role or authorization scope of ''idn:password-org-config:read'''
security:
- UserContextAuth:
- 'idn:password-org-config:read'
responses:
'200':
description: Reference to the password org config.
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenDurationMinutes: 9
digitTokenEnabled: false
digitTokenLength: 6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putPasswordOrgConfig
tags:
- Password Configuration
summary: Update Password Org Config
description: |-
This API updates the password org config for specified fields. Other fields will keep original value.
You must set the `customInstructionsEnabled` field to "true" to be able to use custom password instructions.
Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write'
security:
- UserContextAuth:
- 'idn:password-org-config:write'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
digitTokenEnabled: true
digitTokenDurationMinutes: 12
responses:
'200':
description: Reference to the password org config.
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenDurationMinutes: 12
digitTokenEnabled: true
digitTokenLength: 6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createPasswordOrgConfig
tags:
- Password Configuration
summary: Create Password Org Config
description: |-
This API creates the password org config. Unspecified fields will use default value.
To be able to use the custom password instructions, you must set the `customInstructionsEnabled` field to "true".
Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write'
security:
- UserContextAuth:
- 'idn:password-org-config:write'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenEnabled: true
digitTokenDurationMinutes: 12
digitTokenLength: 9
responses:
'200':
description: Reference to the password org config.
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenDurationMinutes: 9
digitTokenEnabled: true
digitTokenLength: 12
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/peer-group-strategies/{strategy}/identity-outliers':
get:
operationId: getPeerGroupOutliers
tags:
- IAI Peer Group Strategies
summary: Identity Outliers List
deprecated: true
description: '-- Deprecated : See ''IAI Outliers'' This API will be used by Identity Governance systems to identify identities that are not included in an organization''s peer groups. By default, 250 identities are returned. You can specify between 1 and 1000 number of identities that can be returned.'
parameters:
- in: path
name: strategy
schema:
type: string
required: true
description: 'The strategy used to create peer groups. Currently, ''entitlement'' is supported.'
example: entitlement
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of identities that are not included in peer groups.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: A unique identifier for the peer group member.
type:
type: string
description: The type of the peer group member.
peer_group_id:
type: string
description: The ID of the peer group.
attributes:
type: object
additionalProperties:
type: object
description: 'Arbitrary key-value pairs, belonging to the peer group member.'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth: []
/personal-access-tokens:
get:
operationId: listPersonalAccessTokens
security:
- UserContextAuth:
- 'sp:my-personal-access-tokens:read'
- 'sp:my-personal-access-tokens:manage'
- 'sp:all-personal-access-tokens:read'
- 'sp:all-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: List Personal Access Tokens
description: 'This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the ''idn:all-personal-access-tokens:read'' right.'
parameters:
- in: query
name: owner-id
description: |-
The identity ID of the owner whose personal access tokens should be listed. If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read'
If an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'.
If the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'
required: false
schema:
type: string
default: null
example: 2c9180867b50d088017b554662fb281e
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**lastUsed**: *le, isnull*
example: 'lastUsed le 2023-02-05T10:59:27.214Z'
responses:
'200':
description: List of personal access tokens.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the personal access token (to be used as the username for Basic Auth).
example: 86f1dc6fe8f54414950454cbb11278fa
name:
type: string
description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.
example: NodeJS Integration
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the personal access token.
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
owner:
type: object
description: Personal access token owner's identity.
properties:
type:
type: string
description: Personal access token owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Personal access token owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Personal access token owner's human-readable display name.
example: Support
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was created.'
example: '2017-07-11T18:45:37.098Z'
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
managed:
type: boolean
default: false
example: false
description: 'If true, this token is managed by the SailPoint platform, and is not visible in the user interface. For example, Workflows will create managed personal access tokens for users who create workflows.'
required:
- id
- name
- scope
- owner
- created
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createPersonalAccessToken
security:
- UserContextAuth:
- 'sp:my-personal-access-tokens:manage'
- 'sp:all-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: Create Personal Access Token
description: This creates a personal access token.
requestBody:
description: Name and scope of personal access token.
required: true
content:
application/json:
schema:
type: object
description: Object for specifying the name of a personal access token to create
properties:
name:
type: string
description: The name of the personal access token (PAT) to be created. Cannot be the same as another PAT owned by the user for whom this PAT is being created.
example: NodeJS Integration
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: 'Scopes of the personal access token. If no scope is specified, the token will be created with the default scope "sp:scopes:all". This means the personal access token will have all the rights of the owner who created it.'
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
required:
- name
responses:
'200':
description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the personal access token (to be used as the username for Basic Auth).
example: 86f1dc6fe8f54414950454cbb11278fa
secret:
type: string
description: The secret of the personal access token (to be used as the password for Basic Auth).
example: 1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the personal access token.
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
name:
type: string
description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.
example: NodeJS Integration
owner:
type: object
description: Personal access token owner's identity.
properties:
type:
type: string
description: Personal access token owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Personal access token owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Personal access token owner's human-readable display name.
example: Support
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was created.'
example: '2017-07-11T18:45:37.098Z'
required:
- id
- secret
- scope
- name
- owner
- created
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/personal-access-tokens/{id}':
patch:
operationId: patchPersonalAccessToken
security:
- UserContextAuth:
- 'sp:my-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: Patch Personal Access Token
description: This performs a targeted update to the field(s) of a Personal Access Token.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Personal Access Token id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* scope
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /name
value: New name
- op: replace
path: /scope
value:
- 'sp:scopes:all'
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the PAT''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the personal access token (to be used as the username for Basic Auth).
example: 86f1dc6fe8f54414950454cbb11278fa
name:
type: string
description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.
example: NodeJS Integration
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the personal access token.
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
owner:
type: object
description: Personal access token owner's identity.
properties:
type:
type: string
description: Personal access token owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Personal access token owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Personal access token owner's human-readable display name.
example: Support
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was created.'
example: '2017-07-11T18:45:37.098Z'
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
managed:
type: boolean
default: false
example: false
description: 'If true, this token is managed by the SailPoint platform, and is not visible in the user interface. For example, Workflows will create managed personal access tokens for users who create workflows.'
required:
- id
- name
- scope
- owner
- created
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deletePersonalAccessToken
security:
- UserContextAuth:
- 'sp:my-personal-access-tokens:manage'
- 'sp:all-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: Delete Personal Access Token
description: This deletes a personal access token.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The personal access token id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/public-identities-config:
get:
operationId: getPublicIdentityConfig
tags:
- Public Identities Config
summary: Get Public Identity Config
description: This gets details of public identity config.
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org
properties:
attributes:
type: array
items:
type: object
description: Used to map an attribute key for an Identity to its display name.
properties:
key:
type: string
description: the key of the attribute
example: country
name:
type: string
description: the display name of the attribute
example: Country
modifiedBy:
type: object
nullable: true
description: The manager for the identity.
properties:
type:
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
modified:
type: string
description: the date/time of the modification
format: date-time
example: '2018-06-25T20:22:28.104Z'
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: updatePublicIdentityConfig
tags:
- Public Identities Config
summary: Update Public Identity Config
description: This updates the details of public identity config.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org
properties:
attributes:
type: array
items:
type: object
description: Used to map an attribute key for an Identity to its display name.
properties:
key:
type: string
description: the key of the attribute
example: country
name:
type: string
description: the display name of the attribute
example: Country
modifiedBy:
type: object
nullable: true
description: The manager for the identity.
properties:
type:
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
modified:
type: string
description: the date/time of the modification
format: date-time
example: '2018-06-25T20:22:28.104Z'
nullable: true
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org
properties:
attributes:
type: array
items:
type: object
description: Used to map an attribute key for an Identity to its display name.
properties:
key:
type: string
description: the key of the attribute
example: country
name:
type: string
description: the display name of the attribute
example: Country
modifiedBy:
type: object
nullable: true
description: The manager for the identity.
properties:
type:
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
modified:
type: string
description: the date/time of the modification
format: date-time
example: '2018-06-25T20:22:28.104Z'
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/notification-template-context:
get:
operationId: getNotificationsTemplateContext
tags:
- Notifications
summary: Get Notification Template Context
description: |-
The notification service maintains metadata to construct the notification templates or supply any information during the event propagation. The data-store where this information is retrieved is called "Global Context" (a.k.a. notification template context). It defines a set of attributes
that will be available per tenant (organization).
security:
- UserContextAuth:
- 'idn:notification-templates:read'
responses:
'200':
description: Notification template context attributes for a specific tenant.
content:
application/json:
schema:
type: object
properties:
attributes:
type: object
additionalProperties: true
description: A JSON object that stores the context.
example:
productUrl: 'https://test-org.identitysoon.com'
brandingConfigs:
default:
narrowLogoURL: null
productName: SailPoint
standardLogoURL: null
navigationColor: 011E64
actionButtonColor: 20B2DE
emailFromAddress: null
activeLinkColor: 20B2DE
loginInformationalMessage: null
created:
type: string
description: When the global context was created
format: date-time
example: '2020-04-15T16:16:47.525Z'
modified:
type: string
description: When the global context was last modified
format: date-time
example: '2020-04-15T16:16:47.525Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/notification-preferences/{key}':
get:
operationId: listNotificationPreferences
tags:
- Notifications
summary: List Notification Preferences for tenant.
description: Returns a list of notification preferences for tenant.
security:
- UserContextAuth:
- 'idn:notification-preferences:read'
responses:
'200':
description: Return preference for the given notification key.
content:
application/json:
schema:
type: array
items:
type: object
description: Maps an Identity's attribute key to a list of preferred notification mediums.
properties:
key:
type: string
description: The template notification key.
example: cloud_manual_work_item_summary
mediums:
type: array
description: 'List of preferred notification mediums, i.e., the mediums (or method) for which notifications are enabled. More mediums may be added in the future.'
items:
type: string
enum:
- EMAIL
- SMS
- PHONE
- SLACK
- TEAMS
example:
- EMAIL
modified:
type: string
description: Modified date of preference
format: date-time
example: '2020-05-15T14:37:06.909Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/reassignment-configurations/types:
get:
operationId: getReassignmentConfigTypes
tags:
- Work Reassignment
summary: List Reassignment Config Types
description: Gets a collection of types which are available in the Reassignment Configuration UI.
security:
- UserContextAuth:
- 'idn:reassignment-configuration:read'
responses:
'200':
description: List of Reassignment Configuration Types
content:
application/json:
schema:
type: array
items:
type: object
description: Type of Reassignment Configuration.
properties:
priority:
type: integer
example: 1
internalName:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- accessRequests
- certifications
- manualTasks
example: accessRequests
internalNameCamel:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
displayName:
type: string
description: Human readable display name of the type to be shown on UI
example: Access Requests
description:
type: string
description: 'Description of the type of work to be reassigned, displayed by the UI.'
example: Reassign Access Request Work Items for an identity
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/reassignment-configurations:
get:
operationId: listReassignmentConfigurations
tags:
- Work Reassignment
summary: List Reassignment Configurations
description: Gets all Reassignment configuration for the current org.
security:
- UserContextAuth:
- 'idn:reassignment-configuration:read'
responses:
'200':
description: A list of Reassignment Configurations for an org
content:
application/json:
schema:
type: array
items:
type: object
description: The response body of a Reassignment Configuration for a single identity
properties:
identity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: array
description: Details of how work should be reassigned for an Identity
items:
type: object
description: The request body of Reassignment Configuration Details for a specific identity and config type
properties:
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
targetIdentity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an empty string it indicates a permanent reassignment.
format: date-time
example: '0001-01-01T00:00:00Z'
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createReassignmentConfiguration
tags:
- Work Reassignment
summary: Create a Reassignment Configuration
description: Creates a new Reassignment Configuration for the specified identity.
security:
- UserContextAuth:
- 'idn:reassignment-configuration:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
description: The request body for creation or update of a Reassignment Configuration for a single identity and work type
properties:
reassignedFromId:
type: string
description: The identity id to reassign an item from
example: 2c91808781a71ddb0181b9090b5c504e
reassignedToId:
type: string
description: The identity id to reassign an item to
example: 2c91808781a71ddb0181b9090b53504a
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an null string it indicates a permanent reassignment.
format: date-time
nullable: true
example: '2022-07-30T17:00:00.000Z'
responses:
'201':
description: The newly created Reassignment Configuration object
content:
application/json:
schema:
type: object
description: The response body of a Reassignment Configuration for a single identity
properties:
identity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: array
description: Details of how work should be reassigned for an Identity
items:
type: object
description: The request body of Reassignment Configuration Details for a specific identity and config type
properties:
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
targetIdentity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an empty string it indicates a permanent reassignment.
format: date-time
example: '0001-01-01T00:00:00Z'
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/reassignment-configurations/{identityId}':
get:
operationId: getReassignmentConfiguration
tags:
- Work Reassignment
summary: Get Reassignment Configuration
description: Gets the Reassignment Configuration for an identity.
security:
- UserContextAuth:
- 'idn:reassignment-configuration:read'
parameters:
- in: path
name: identityId
schema:
type: string
description: unique identity id
required: true
example: 2c91808781a71ddb0181b9090b5c504f
responses:
'200':
description: Reassignment Configuration for an identity
content:
application/json:
schema:
type: object
description: The response body of a Reassignment Configuration for a single identity
properties:
identity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: array
description: Details of how work should be reassigned for an Identity
items:
type: object
description: The request body of Reassignment Configuration Details for a specific identity and config type
properties:
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
targetIdentity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an empty string it indicates a permanent reassignment.
format: date-time
example: '0001-01-01T00:00:00Z'
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putReassignmentConfig
tags:
- Work Reassignment
summary: Update Reassignment Configuration
description: Replaces existing Reassignment configuration for an identity with the newly provided configuration.
security:
- UserContextAuth:
- 'idn:reassignment-configuration:update'
parameters:
- in: path
name: identityId
schema:
type: string
description: unique identity id
required: true
example: 2c91808781a71ddb0181b9090b5c504e
requestBody:
required: true
content:
application/json:
schema:
type: object
description: The request body for creation or update of a Reassignment Configuration for a single identity and work type
properties:
reassignedFromId:
type: string
description: The identity id to reassign an item from
example: 2c91808781a71ddb0181b9090b5c504e
reassignedToId:
type: string
description: The identity id to reassign an item to
example: 2c91808781a71ddb0181b9090b53504a
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an null string it indicates a permanent reassignment.
format: date-time
nullable: true
example: '2022-07-30T17:00:00.000Z'
responses:
'200':
description: Reassignment Configuration updated
content:
application/json:
schema:
type: object
description: The response body of a Reassignment Configuration for a single identity
properties:
identity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: array
description: Details of how work should be reassigned for an Identity
items:
type: object
description: The request body of Reassignment Configuration Details for a specific identity and config type
properties:
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
targetIdentity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an empty string it indicates a permanent reassignment.
format: date-time
example: '0001-01-01T00:00:00Z'
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteReassignmentConfiguration
tags:
- Work Reassignment
summary: Delete Reassignment Configuration
description: Deletes all Reassignment Configuration for the specified identity
security:
- UserContextAuth:
- 'idn:reassignment-configuration:delete'
parameters:
- in: path
name: identityId
schema:
type: string
description: unique identity id
required: true
example: 2c91808781a71ddb0181b9090b5c504e
responses:
'204':
description: Reassignment Configuration deleted
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/reassignment-configurations/{identityId}/evaluate/{configType}':
get:
operationId: getEvaluateReassignmentConfiguration
tags:
- Work Reassignment
summary: Evaluate Reassignment Configuration
description: 'Evaluates the Reassignment Configuration for an `Identity` to determine if work items for the specified type should be reassigned. If a valid Reassignment Configuration is found for the identity & work type, then a lookup is initiated which recursively fetches the Reassignment Configuration for the next `TargetIdentity` until no more results are found or a max depth of 5. That lookup trail is provided in the response and the final reassigned identity in the lookup list is returned as the `reassignToId` property. If no Reassignment Configuration is found for the specified identity & config type then the requested Identity ID will be used as the `reassignToId` value and the lookupTrail node will be empty.'
security:
- UserContextAuth:
- 'idn:reassignment-configuration:evaluate'
parameters:
- in: path
name: identityId
required: true
schema:
type: string
description: unique identity id
example: 2c91808781a71ddb0181b9090b5c504e
- in: path
name: configType
required: true
schema:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
description: Reassignment work type
example: accessRequests
- in: query
name: exclusionFilters
required: false
schema:
type: array
items:
type: string
description: 'Exclusion filters that disable parts of the reassignment evaluation. Possible values are listed below: - `SELF_REVIEW_DELEGATION`: This will exclude delegations of self-review reassignments'
example: SELF_REVIEW_DELEGATION
responses:
'200':
description: Evaluated Reassignment Configuration
content:
application/json:
schema:
type: array
items:
type: object
description: The response body for Evaluate Reassignment Configuration
properties:
reassignToId:
type: string
description: The Identity ID which should be the recipient of any work items sent to a specific identity & work type
example: 869320b6b6f34a169b6178b1a865e66f
lookupTrail:
type: array
description: List of Reassignments found by looking up the next `TargetIdentity` in a ReassignmentConfiguration
items:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
reassignedToId:
type: string
description: The ID of the Identity who work is reassigned to
example: 869320b6b6f34a169b6178b1a865e66f
reassignedFromId:
type: string
description: The ID of the Identity who work is reassigned from
example: 51948a8f306a4e7a9a6f8f5d032fa59e
reassignmentType:
description: Reassignment type
type: string
enum:
- 'MANUAL_REASSIGNMENT,'
- 'AUTOMATIC_REASSIGNMENT,'
- 'AUTO_ESCALATION,'
- SELF_REVIEW_DELEGATION
example: AUTOMATIC_REASSIGNMENT
examples:
empty:
summary: Evaluate response when no Reassignment Configuration is found
value:
reassignToId: 2c9180825a6c1adc015a71c9023f0818
lookupTrail: []
longTrail:
summary: Evaluate response when a long Reassignment trail is found
value:
reassignToId: 2c9180825a6c1adc015a71c9023f0818
lookupTrail:
- reassignedToId: 2c918084575812550157589064f33b89
reassignedFromId: 2c9180825a6c1adc015a71c9023f0818
reassignmentType: AUTOMATIC_REASSIGNMENT
- reassignedToId: 073204941f3f49c0b3a3c49d1c17ef0e
reassignedFromId: 2c918084575812550157589064f33b89
reassignmentType: AUTOMATIC_REASSIGNMENT
- reassignedToId: 31d9c631f5574571a935aaa48a6255df
reassignedFromId: 073204941f3f49c0b3a3c49d1c17ef0e
reassignmentType: AUTOMATIC_REASSIGNMENT
- reassignedToId: 279de502e5dc43f4854e1b96f57c578f
reassignedFromId: 31d9c631f5574571a935aaa48a6255df
reassignmentType: AUTOMATIC_REASSIGNMENT
selfReview:
summary: Evaluate response when a self-review is found and manager or org admin escalation is applied
value:
reassignToId: 2c9180825a6c1adc015a71c9023f0818
lookupTrail:
- reassignedToId: 2c918084575812550157589064f33b89
reassignedFromId: 2c9180825a6c1adc015a71c9023f0818
reassignmentType: AUTOMATIC_REASSIGNMENT
- reassignedToId: 073204941f3f49c0b3a3c49d1c17ef0e
reassignedFromId: 2c918084575812550157589064f33b89
reassignmentType: AUTOMATIC_REASSIGNMENT
- reassignedToId: 31d9c631f5574571a935aaa48a6255df
reassignedFromId: 073204941f3f49c0b3a3c49d1c17ef0e
reassignmentType: SELF_REVIEW_DELEGATION
- reassignedToId: 279de502e5dc43f4854e1b96f57c578f
reassignedFromId: 31d9c631f5574571a935aaa48a6255df
reassignmentType: AUTOMATIC_REASSIGNMENT
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/reassignment-configurations/tenant-config:
get:
operationId: getTenantConfigConfiguration
tags:
- Work Reassignment
summary: Get Tenant-wide Reassignment Configuration settings
description: Gets the global Reassignment Configuration settings for the requestor's tenant.
security:
- UserContextAuth:
- 'idn:reassignment-tenant-configuration:read'
responses:
'200':
description: Tenant-wide Reassignment Configuration settings
content:
application/json:
schema:
type: object
description: Tenant-wide Reassignment Configuration settings
properties:
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: object
description: Details of any tenant-wide Reassignment Configurations (eg. enabled/disabled)
properties:
disabled:
type: boolean
nullable: true
description: 'Flag to determine if Reassignment Configuration is enabled or disabled for a tenant. When this flag is set to true, Reassignment Configuration is disabled.'
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putTenantConfiguration
tags:
- Work Reassignment
summary: Update Tenant-wide Reassignment Configuration settings
description: Replaces existing Tenant-wide Reassignment Configuration settings with the newly provided settings.
security:
- UserContextAuth:
- 'idn:reassignment-tenant-configuration:update'
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Tenant-wide Reassignment Configuration settings
properties:
configDetails:
type: object
description: Details of any tenant-wide Reassignment Configurations (eg. enabled/disabled)
properties:
disabled:
type: boolean
nullable: true
description: 'Flag to determine if Reassignment Configuration is enabled or disabled for a tenant. When this flag is set to true, Reassignment Configuration is disabled.'
default: false
example: true
responses:
'200':
description: Tenant-wide Reassignment Configuration settings
content:
application/json:
schema:
type: object
description: Tenant-wide Reassignment Configuration settings
properties:
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: object
description: Details of any tenant-wide Reassignment Configurations (eg. enabled/disabled)
properties:
disabled:
type: boolean
nullable: true
description: 'Flag to determine if Reassignment Configuration is enabled or disabled for a tenant. When this flag is set to true, Reassignment Configuration is disabled.'
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/recommendations/request:
post:
operationId: getRecommendations
summary: Returns a Recommendation Based on Object
tags:
- IAI Recommendations
description: The getRecommendations API returns recommendations based on the requested object. The recommendations are invoked by IdentityIQ and IdentityNow plug-ins that retrieve recommendations based on the performed calculations.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
requests:
type: array
items:
description: List of requests to retrieve recommendations
type: object
properties:
identityId:
type: string
description: The identity ID
example: 2c938083633d259901633d25c68c00fa
item:
type: object
properties:
id:
type: string
description: ID of the access item to retrieve the recommendation for.
example: 2c938083633d259901633d2623ec0375
type:
type: string
example: ENTITLEMENT
description: Access item's type.
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
excludeInterpretations:
type: boolean
description: Exclude interpretations in the response if "true". Return interpretations in the response if this attribute is not specified.
default: 'false'
example: 'false'
includeTranslationMessages:
type: boolean
description: 'When set to true, the calling system uses the translated messages for the specified language'
default: 'false'
example: 'false'
includeDebugInformation:
type: boolean
description: Returns the recommender calculations if set to true
default: 'false'
example: 'true'
prescribeMode:
type: boolean
description: 'When set to true, uses prescribedRulesRecommenderConfig to get identity attributes and peer group threshold instead of standard config.'
default: 'false'
example: 'false'
responses:
'200':
description: The recommendations for a customer
content:
application/json:
schema:
type: object
properties:
response:
type: array
items:
type: object
properties:
request:
type: object
properties:
identityId:
type: string
description: The identity ID
example: 2c938083633d259901633d25c68c00fa
item:
type: object
properties:
id:
type: string
description: ID of the access item to retrieve the recommendation for.
example: 2c938083633d259901633d2623ec0375
type:
type: string
example: ENTITLEMENT
description: Access item's type.
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
recommendation:
type: string
example: 'YES'
description: 'The recommendation - YES if the access is recommended, NO if not recommended, MAYBE if there is not enough information to make a recommendation, NOT_FOUND if the identity is not found in the system'
enum:
- 'YES'
- 'NO'
- MAYBE
- NOT_FOUND
interpretations:
type: array
items:
type: string
description: 'The list of interpretations explaining the recommendation. The array is empty if includeInterpretations is false or not present in the request. e.g. - [ "Not approved in the last 6 months." ]. Interpretations will be translated using the client''s locale as found in the Accept-Language header. If a translation for the client''s locale cannot be found, the US English translation will be returned.'
example:
- 75% of identities with the same department have this access. This information had a high impact on the overall score.
- 67% of identities with the same peer group have this access. This information had a low impact on the overall score.
- 42% of identities with the same location have this access. This information had a low impact on the overall score.
translationMessages:
type: array
example:
- key: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
- '75'
- department
items:
type: object
properties:
key:
type: string
description: The key of the translation message
example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
type: array
description: The values corresponding to the translation messages
items:
type: string
example:
- '75'
- department
description: 'The list of translation messages, if they have been requested.'
recommenderCalculations:
description: The calcuations performed behind the scenes that provide recommendations to the user.
properties:
identityId:
type: string
description: The ID of the identity
example: 2c91808457d8f3ab0157e3e62cb4213c
entitlementId:
type: string
description: The entitlement ID
example: 2c91809050db617d0150e0bf3215385e
recommendation:
type: string
description: The actual recommendation
example: 'YES'
overallWeightedScore:
type: number
description: The overall weighted score
featureWeightedScores:
type: object
description: The weighted score of each individual feature
additionalProperties:
type: number
threshold:
type: number
description: The configured value against which the overallWeightedScore is compared
identityAttributes:
type: object
description: The values for your configured features
additionalProperties:
type: object
properties:
value:
type: string
featureValues:
description: The feature details
type: object
properties:
feature:
type: string
description: The type of feature
example: department
numerator:
type: integer
format: int32
example: 14
description: The number of identities that have access to the feature
denominator:
type: integer
format: int32
example: 14
description: The number of identities with the corresponding feature
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth: []
/recommendations/config:
get:
operationId: getRecommendationsConfig
summary: Get certification recommendation config values
tags:
- IAI Recommendations
description: Retrieves configuration attributes used by certification recommendations.
responses:
'200':
description: Cert recommendation configuration attributes
content:
application/json:
schema:
type: object
properties:
recommenderFeatures:
type: array
items:
type: string
description: List of identity attributes to use for calculating certification recommendations
example:
- jobTitle
- location
- peer_group
- department
- active
peerGroupPercentageThreshold:
type: number
description: The percent value that the recommendation calculation must surpass to produce a YES recommendation
minimum: 0
maximum: 1
format: float
example: 0.5
runAutoSelectOnce:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run'
default: false
example: false
onlyTuneThreshold:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected threshold values on the next pipeline run'
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth: []
put:
operationId: updateRecommendationsConfig
summary: Update certification recommendation config values
tags:
- IAI Recommendations
description: Updates configuration attributes used by certification recommendations.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
recommenderFeatures:
type: array
items:
type: string
description: List of identity attributes to use for calculating certification recommendations
example:
- jobTitle
- location
- peer_group
- department
- active
peerGroupPercentageThreshold:
type: number
description: The percent value that the recommendation calculation must surpass to produce a YES recommendation
minimum: 0
maximum: 1
format: float
example: 0.5
runAutoSelectOnce:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run'
default: false
example: false
onlyTuneThreshold:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected threshold values on the next pipeline run'
default: false
example: false
responses:
'200':
description: Cert recommendation configuration attributes after update
content:
application/json:
schema:
type: object
properties:
recommenderFeatures:
type: array
items:
type: string
description: List of identity attributes to use for calculating certification recommendations
example:
- jobTitle
- location
- peer_group
- department
- active
peerGroupPercentageThreshold:
type: number
description: The percent value that the recommendation calculation must surpass to produce a YES recommendation
minimum: 0
maximum: 1
format: float
example: 0.5
runAutoSelectOnce:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run'
default: false
example: false
onlyTuneThreshold:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected threshold values on the next pipeline run'
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth: []
/requestable-objects:
get:
operationId: listRequestableObjects
tags:
- Requestable Objects
summary: Requestable Objects List
description: |-
This endpoint returns a list of acccess items that that can be requested through the Access Request endpoints. Access items are marked with AVAILABLE, PENDING or ASSIGNED with respect to the identity provided using *identity-id* query param.
Any authenticated token can call this endpoint to see their requestable access items. A token with ORG_ADMIN authority is required to call this endpoint to return a list of all of the requestable access items for the org or for another identity.
parameters:
- in: query
name: identity-id
required: false
schema:
type: string
example: e7eab60924f64aa284175b9fa3309599
description: |-
If present, the value returns only requestable objects for the specified identity.
* Admin users can call this with any identity ID value.
* Non-admin users can only specify *me* or pass their own identity ID value.
* If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.
- in: query
name: types
description: 'Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.'
required: false
schema:
type: array
items:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: 'The currently supported requestable object types. '
example: ACCESS_PROFILE
example: 'ROLE,ACCESS_PROFILE'
explode: false
- in: query
name: term
required: false
schema:
type: string
example: Finance Role
description: 'It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.'
- in: query
name: statuses
description: 'Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.'
required: false
schema:
type: array
items:
type: string
enum:
- AVAILABLE
- PENDING
- ASSIGNED
- null
description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
example: AVAILABLE
explode: false
example:
- ASSIGNED
- PENDING
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: name sw "bob"
description: |
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, sw*
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
example: name
description: |
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
responses:
'200':
description: List of requestable objects
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the requestable object itself
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: Human-readable display name of the requestable object
example: Applied Research Access
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: The time when the requestable object was created
modified:
nullable: true
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: The time when the requestable object was last modified
description:
type: string
description: Description of the requestable object.
example: 'Access to research information, lab results, and schematics.'
nullable: true
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: 'The currently supported requestable object types. '
example: ACCESS_PROFILE
requestStatus:
allOf:
- type: string
enum:
- AVAILABLE
- PENDING
- ASSIGNED
- null
description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
example: AVAILABLE
- nullable: true
identityRequestId:
type: string
description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.'
nullable: true
example: null
ownerRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
requestCommentsRequired:
type: boolean
description: Whether the requester must provide comments when requesting the object.
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/role-insights/requests:
post:
operationId: createRoleInsightRequests
summary: Generate insights for roles
deprecated: true
tags:
- Role Insights
description: Submits a create role insights request to the role insights application. At this time there are no parameters. All business roles will be processed for the customer.
responses:
'201':
description: Submitted a role insights generation request
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Request Id for a role insight generation request
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
createdDate:
type: string
format: date-time
description: The date-time role insights request was created.
example: '2020-09-16T18:49:32.150Z'
lastGenerated:
type: string
format: date-time
description: The date-time role insights request was completed.
example: '2020-09-16T18:50:12.150Z'
numberOfUpdates:
type: integer
description: Total number of updates for this request. Starts with 0 and will have correct number when request is COMPLETED.
example: 0
roleIds:
description: The role IDs that are in this request.
type: array
items:
type: string
status:
type: string
description: Request status
enum:
- CREATED
- IN PROGRESS
- COMPLETED
- FAILED
example:
id: c9aa02f7-86b0-4bc4-84bd-3116a6131e77
createdDate: '2020-09-16T18:49:32.150Z'
lastGenerated: '2020-09-16T18:49:32.150Z'
numberOfUpdates: 0
roleIds:
- 2c91808e720e94f8017253287c0a44f4
- 2c918087723ac2800172532191540e03
- 2c9180986e4c8592016e6b15eaef447c
status: CREATED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-insights/requests/{id}':
get:
operationId: getRoleInsightsRequests
summary: Returns metadata from prior request.
deprecated: true
tags:
- Role Insights
description: 'This endpoint returns details of a prior role insights request. '
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The role insights request id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
responses:
'200':
description: Succeeded. Returns details of an earlier role insights request.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Request Id for a role insight generation request
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
createdDate:
type: string
format: date-time
description: The date-time role insights request was created.
example: '2020-09-16T18:49:32.150Z'
lastGenerated:
type: string
format: date-time
description: The date-time role insights request was completed.
example: '2020-09-16T18:50:12.150Z'
numberOfUpdates:
type: integer
description: Total number of updates for this request. Starts with 0 and will have correct number when request is COMPLETED.
example: 0
roleIds:
description: The role IDs that are in this request.
type: array
items:
type: string
status:
type: string
description: Request status
enum:
- CREATED
- IN PROGRESS
- COMPLETED
- FAILED
example:
id: c9aa02f7-86b0-4bc4-84bd-3116a6131e77
createdDate: '2020-09-16T18:49:32.150Z'
lastGenerated: '2020-09-16T18:49:32.150Z'
numberOfUpdates: 0
roleIds:
- 2c91808e720e94f8017253287c0a44f4
- 2c918087723ac2800172532191540e03
- 2c9180986e4c8592016e6b15eaef447c
status: CREATED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/role-insights/summary:
get:
operationId: getRoleInsightsSummary
summary: Get role insights summary information
tags:
- Role Insights
description: This method returns high level summary information for role insights for a customer.
responses:
'200':
description: Succeeded. Returns high level counts.
content:
application/json:
schema:
type: object
properties:
numberOfUpdates:
type: integer
description: Total number of roles with updates
lastGenerated:
type: string
format: date-time
description: The date-time role insights were last found.
example: '2020-05-19T13:49:37.385Z'
entitlementsIncludedInRoles:
type: integer
description: The number of entitlements included in roles (vs free radicals).
example: 45
totalNumberOfEntitlements:
type: integer
description: The total number of entitlements.
example: 250
identitiesWithAccessViaRoles:
type: integer
description: The number of identities in roles vs. identities with just entitlements and not in roles.
example: 550
totalNumberOfIdentities:
type: integer
description: The total number of identities.
example: 980
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/role-insights:
get:
operationId: getRoleInsights
summary: Get role insights
tags:
- Role Insights
description: This method returns detailed role insights for each role.
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: sorters
in: query
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **numberOfUpdates, identitiesWithAccess, totalNumberOfIdentities**
example: numberOfUpdates
required: false
style: form
explode: true
schema:
type: string
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
**ownerName**: *sw*
**description**: *sw*
required: false
style: form
explode: true
example: name sw "John"
schema:
type: string
responses:
'200':
description: Succeeded. Returns a list of roles with information about insights for each role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Insight id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
numberOfUpdates:
type: integer
description: Total number of updates for this role
example: 5
createdDate:
type: string
format: date-time
description: The date-time insights were last created for this role.
modifiedDate:
type: string
format: date-time
nullable: true
description: The date-time insights were last modified for this role.
example: '2020-05-19T13:49:37.385Z'
role:
description: A role
type: object
properties:
name:
type: string
description: Role name
example: Software Engineer
id:
type: string
description: Role id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
description:
type: string
description: Role description
example: Person who develops software
ownerName:
type: string
description: Role owner name
example: Bob
ownerId:
type: string
description: Role owner id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
insight:
description: The kind of insight this is and some stats
type: object
properties:
type:
type: string
description: The number of identities in this role with the entitlement.
example: ADD
identitiesWithAccess:
type: integer
description: The number of identities in this role with the entitlement.
example: 850
identitiesImpacted:
type: integer
description: The number of identities in this role that do not have the specified entitlement.
example: 150
totalNumberOfIdentities:
type: integer
description: The total number of identities.
example: 1000
impactedIdentityNames:
type: string
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-insights/{insightId}':
get:
operationId: getRoleInsight
summary: Get a single role insight
tags:
- Role Insights
description: This endpoint gets role insights information for a role.
parameters:
- in: path
name: insightId
schema:
type: string
required: true
description: The role insight id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
responses:
'200':
description: Succeeded. Returns information about insights for a single role.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Insight id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
numberOfUpdates:
type: integer
description: Total number of updates for this role
example: 5
createdDate:
type: string
format: date-time
description: The date-time insights were last created for this role.
modifiedDate:
type: string
format: date-time
nullable: true
description: The date-time insights were last modified for this role.
example: '2020-05-19T13:49:37.385Z'
role:
description: A role
type: object
properties:
name:
type: string
description: Role name
example: Software Engineer
id:
type: string
description: Role id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
description:
type: string
description: Role description
example: Person who develops software
ownerName:
type: string
description: Role owner name
example: Bob
ownerId:
type: string
description: Role owner id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
insight:
description: The kind of insight this is and some stats
type: object
properties:
type:
type: string
description: The number of identities in this role with the entitlement.
example: ADD
identitiesWithAccess:
type: integer
description: The number of identities in this role with the entitlement.
example: 850
identitiesImpacted:
type: integer
description: The number of identities in this role that do not have the specified entitlement.
example: 150
totalNumberOfIdentities:
type: integer
description: The total number of identities.
example: 1000
impactedIdentityNames:
type: string
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-insights/{insightId}/entitlement-changes':
get:
operationId: getRoleInsightsEntitlementsChanges
summary: Get entitlement insights for a role
tags:
- Role Insights
description: This endpoint returns entitlement insights for a role.
parameters:
- in: path
name: insightId
schema:
type: string
required: true
description: The role insight id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **identitiesWithAccess, name**
required: false
style: form
explode: true
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
**description**: *sw*
required: false
style: form
example: name sw "Admin"
explode: true
schema:
type: string
responses:
'200':
description: Succeeded. Returns a list of entitlements to be added for a role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: Name of the entitlement
id:
type: string
description: Id of the entitlement
description:
type: string
description: Description for the entitlement
attribute:
type: string
description: Attribute for the entitlement
value:
type: string
description: Attribute value for the entitlement
source:
type: string
description: Source or the application for the entitlement
insight:
description: The kind of insight this is and some stats
type: object
properties:
type:
type: string
description: The number of identities in this role with the entitlement.
example: ADD
identitiesWithAccess:
type: integer
description: The number of identities in this role with the entitlement.
example: 850
identitiesImpacted:
type: integer
description: The number of identities in this role that do not have the specified entitlement.
example: 150
totalNumberOfIdentities:
type: integer
description: The total number of identities.
example: 1000
impactedIdentityNames:
type: string
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-insights/{insightId}/entitlement-changes/download':
get:
operationId: downloadRoleInsightsEntitlementsChanges
summary: Download entitlement insights for a role
tags:
- Role Insights
description: This endpoint returns the entitlement insights for a role.
parameters:
- in: path
name: insightId
schema:
type: string
required: true
description: The role insight id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **identitiesWithAccess**
The default sort is **identitiesWithAccess** in descending order.
required: false
example: identitiesWithAccess
style: form
explode: true
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
**description**: *sw*
example: name sw "r"
required: false
style: form
explode: true
schema:
type: string
responses:
'200':
description: Succeeded. Returns a csv file containing a list of entitlements to be added for a role.
content:
text/csv:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-insights/{insightId}/current-entitlements':
get:
operationId: getRoleInsightsCurrentEntitlements
summary: Get current entitlement for a role
tags:
- Role Insights
description: This endpoint gets the entitlements for a role. The term "current" is to distinguish from the entitlement(s) an insight might recommend adding.
parameters:
- in: path
name: insightId
schema:
type: string
required: true
description: The role insight id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
**description**: *sw*
example: name sw "r"
required: false
style: form
explode: true
schema:
type: string
responses:
'200':
description: Succeeded. Returns a list of current or pre-existing entitlements for a role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: Name of the entitlement
id:
type: string
description: Id of the entitlement
description:
type: string
description: Description for the entitlement
source:
type: string
description: Source or the application for the entitlement
attribute:
type: string
description: Attribute for the entitlement
value:
type: string
description: Attribute value for the entitlement
example:
name: Administrator
id: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
description: Full administrative access to IdentityNow
source: IdentityNow
attribute: assignedGroups
value: ORG_ADMIN
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-insights/{insightId}/entitlement-changes/{entitlementId}/identities':
get:
operationId: getEntitlementChangesIdentities
summary: Get identities for a suggested entitlement (for a role)
tags:
- Role Insights
description: 'Role insights suggests entitlements to be added for a role. This endpoint returns a list of identities in the role, with or without the entitlements, for a suggested entitlement so that the user can see which identities would be affected if the suggested entitlement were to be added to the role.'
parameters:
- in: path
name: insightId
schema:
type: string
required: true
description: The role insight id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: entitlementId
schema:
type: string
required: true
description: The entitlement id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: hasEntitlement
description: Identity has this entitlement or not
required: false
style: form
explode: true
schema:
type: boolean
default: false
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
example: name
required: false
style: form
explode: true
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
example: name sw "Jan"
required: false
style: form
explode: true
schema:
type: string
responses:
'200':
description: Succeeded. Returns a list of identities with or without the entitlement.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id for identity
name:
type: string
description: Name for identity
attributes:
type: object
additionalProperties:
type: string
example:
id: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
name: Adam Smith
attributes:
department: Human Resources-tah-mgb-dnd
firstName: Adam
jobTitle: Sales Analyst
location: Mexico
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/role-mining-sessions:
post:
operationId: createRoleMiningSessions
summary: Create a role mining session
tags:
- IAI Role Mining
description: This submits a create role mining session request to the role mining application.
requestBody:
description: Role mining session parameters
required: true
content:
application/json:
schema:
type: object
properties:
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
- displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 50
format: int32
prescribedPruneThreshold:
type: integer
description: The calculated prescribedPruneThreshold
nullable: true
example: 10
format: int32
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
potentialRoleCount:
type: integer
description: Number of potential roles
example: 0
format: int32
potentialRolesReadyCount:
type: integer
description: Number of potential roles ready
example: 0
format: int32
type:
description: Role mining session type
example: SPECIALIZED
type: string
enum:
- SPECIALIZED
- COMMON
emailRecipientId:
type: string
description: The id of the user who will receive an email about the role mining session
nullable: true
example: 2c918090761a5aac0176215c46a62d58
identityCount:
type: integer
description: Number of identities in the population which meet the search criteria or identity list provided
example: 0
format: int32
saved:
type: boolean
description: The session's saved status
default: false
example: true
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
responses:
'201':
description: Submitted a role mining session request
content:
application/json:
schema:
type: object
properties:
scope:
description: The scope of identities for this role mining session
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
minNumIdentitiesInPotentialRole:
type: integer
nullable: true
description: Minimum number of identities in a potential role
example: 20
scopingMethod:
type: string
description: The scoping method of the role mining session
nullable: true
example: AUTO_RM
prescribedPruneThreshold:
type: integer
nullable: true
description: The computed (or prescribed) prune threshold for this session
example: 83
pruneThreshold:
type: integer
nullable: true
description: The prune threshold to be used for this role mining session
example: 70
potentialRoleCount:
type: integer
description: The number of potential roles
example: 8
potentialRolesReadyCount:
type: integer
description: The number of potential roles which have completed processing
example: 4
status:
description: The role mining session status
type: object
properties:
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
emailRecipientId:
type: string
description: The id of the user who will receive an email about the role mining session
nullable: true
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
identityCount:
type: integer
description: The number of identities
example: 39
saved:
type: boolean
description: The session's saved status
default: false
example: true
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
dataFilePath:
type: string
description: The data file path of the role mining session
nullable: true
id:
type: string
description: Session Id for this role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
createdDate:
type: string
format: date-time
description: The date-time when this role mining session was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this role mining session was completed.
type:
description: Role mining session type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
example:
scope:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria: null
scopingMethod: AUTO_RM
minNumIdentitiesInPotentialRole: 20
pruneThreshold: 70
prescribedPruneThreshold: 83
potentialRoleCount: 8
potentialRolesReadyCount: 4
status:
state: POTENTIAL_ROLES_PROCESSING
type: SPECIALIZED
emailRecipientId: null
createdBy: null
identityCount: 0
saved: false
name: null
dataFilePath: null
id: 602ba738-cf48-499b-a780-7b67b3fc1ecf
createdDate: '2021-09-08T16:11:05.348Z'
modifiedDate: '2021-09-08T16:11:05.348Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getRoleMiningSessions
summary: Retrieves all role mining sessions
tags:
- IAI Role Mining
description: Returns all role mining sessions that match the query parameters
parameters:
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**saved**: *eq*
**name**: *eq, sw*
example: saved eq "true" and name sw "RM Session"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **createdBy, createdDate**
example: 'createdBy,createdDate'
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: Succeeded. Returns all role mining sessions that match the query parameters.
content:
application/json:
schema:
type: array
items:
type: object
properties:
scope:
description: The scope of identities for this role mining session
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
minNumIdentitiesInPotentialRole:
type: integer
nullable: true
description: Minimum number of identities in a potential role
example: 20
scopingMethod:
type: string
description: The scoping method of the role mining session
nullable: true
example: AUTO_RM
prescribedPruneThreshold:
type: integer
nullable: true
description: The computed (or prescribed) prune threshold for this session
example: 83
pruneThreshold:
type: integer
nullable: true
description: The prune threshold to be used for this role mining session
example: 70
potentialRoleCount:
type: integer
description: The number of potential roles
example: 8
potentialRolesReadyCount:
type: integer
description: The number of potential roles which have completed processing
example: 4
status:
description: The role mining session status
type: object
properties:
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
emailRecipientId:
type: string
description: The id of the user who will receive an email about the role mining session
nullable: true
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
identityCount:
type: integer
description: The number of identities
example: 39
saved:
type: boolean
description: The session's saved status
default: false
example: true
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
dataFilePath:
type: string
description: The data file path of the role mining session
nullable: true
id:
type: string
description: Session Id for this role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
createdDate:
type: string
format: date-time
description: The date-time when this role mining session was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this role mining session was completed.
type:
description: Role mining session type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
example:
scope:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria: null
scopingMethod: AUTO_RM
minNumIdentitiesInPotentialRole: 20
pruneThreshold: 70
prescribedPruneThreshold: 83
potentialRoleCount: 8
potentialRolesReadyCount: 4
status:
state: POTENTIAL_ROLES_PROCESSING
type: SPECIALIZED
emailRecipientId: null
createdBy: null
identityCount: 0
saved: false
name: null
dataFilePath: null
id: 602ba738-cf48-499b-a780-7b67b3fc1ecf
createdDate: '2021-09-08T16:11:05.348Z'
modifiedDate: '2021-09-08T16:11:05.348Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}':
patch:
operationId: patchRoleMiningSession
summary: Patch a role mining session
tags:
- IAI Role Mining
description: 'The method updates an existing role mining session using PATCH. Supports op in {"replace"} and changes to pruneThreshold and/or minNumIdentitiesInPotentialRole. The potential roles in this role mining session is then re-calculated.'
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id to be patched
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
requestBody:
required: true
description: Replace pruneThreshold and/or minNumIdentitiesInPotentialRole in role mining session. Update saved status or saved name for a role mining session.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /pruneThreshold
value: '83'
- op: replace
path: /minNumIdentitiesInPotentialRole
value: '10'
- op: replace
path: /saved
value: 'false'
- op: replace
path: /name
value: RM Session - 07/10/22
- op: add
path: /name
value: RM Session - 07/10/22
responses:
'202':
description: Success
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getRoleMiningSession
summary: Get a role mining session
tags:
- IAI Role Mining
description: The method retrieves a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id to be retrieved.
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
responses:
'200':
description: Returns a role mining session
content:
application/json:
schema:
type: object
properties:
scope:
description: The scope of identities for this role mining session
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
minNumIdentitiesInPotentialRole:
type: integer
nullable: true
description: Minimum number of identities in a potential role
example: 20
scopingMethod:
type: string
description: The scoping method of the role mining session
nullable: true
example: AUTO_RM
prescribedPruneThreshold:
type: integer
nullable: true
description: The computed (or prescribed) prune threshold for this session
example: 83
pruneThreshold:
type: integer
nullable: true
description: The prune threshold to be used for this role mining session
example: 70
potentialRoleCount:
type: integer
description: The number of potential roles
example: 8
potentialRolesReadyCount:
type: integer
description: The number of potential roles which have completed processing
example: 4
status:
description: The role mining session status
type: object
properties:
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
emailRecipientId:
type: string
description: The id of the user who will receive an email about the role mining session
nullable: true
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
identityCount:
type: integer
description: The number of identities
example: 39
saved:
type: boolean
description: The session's saved status
default: false
example: true
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
dataFilePath:
type: string
description: The data file path of the role mining session
nullable: true
id:
type: string
description: Session Id for this role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
createdDate:
type: string
format: date-time
description: The date-time when this role mining session was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this role mining session was completed.
type:
description: Role mining session type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
example:
scope:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria: null
scopingMethod: AUTO_RM
minNumIdentitiesInPotentialRole: 20
pruneThreshold: 70
prescribedPruneThreshold: 83
potentialRoleCount: 8
potentialRolesReadyCount: 4
status:
state: POTENTIAL_ROLES_PROCESSING
type: SPECIALIZED
emailRecipientId: null
createdBy: null
identityCount: 0
saved: false
name: null
dataFilePath: null
id: 602ba738-cf48-499b-a780-7b67b3fc1ecf
createdDate: '2021-09-08T16:11:05.348Z'
modifiedDate: '2021-09-08T16:11:05.348Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/status':
get:
operationId: getRoleMiningSessionStatus
summary: Get role mining session status state
tags:
- IAI Role Mining
description: This method returns a role mining session status for a customer.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
responses:
'200':
description: Succeeded. Returns session status
content:
application/json:
schema:
type: object
properties:
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-role-summaries':
get:
operationId: getPotentialRoleSummaries
summary: Retrieve session's potential role summaries
tags:
- IAI Role Mining
description: This method returns the potential role summaries for a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: sorters
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **createdDate**
example: createdDate
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**createdById**: *eq, sw, co*
**createdByName**: *eq, sw, co*
**description**: *sw, co*
**endDate**: *le, lt*
**freshness**: *eq, ge, gt, le, lt*
**name**: *eq, sw, co*
**quality**: *eq, ge, gt, le, lt*
**startDate**: *ge, gt*
**saved**: *eq*
**type**: *eq*
example: (createdByName co "int")and (createdById sw "2c9180907")and (type eq "COMMON")and ((name co "entt")or (saved eq true))
required: false
style: form
explode: true
schema:
type: string
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: Succeeded. Returns a list of potential role summaries for a role mining session.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
potentialRoleRef:
description: Details about the potential role
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
identityCount:
type: integer
description: The number of identities in a potential role.
format: int32
example: 25
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
format: int32
example: 15
identityGroupStatus:
type: string
description: The status for this identity group which can be "REQUESTED" or "OBTAINED"
example: OBTAINED
provisionState:
description: 'The status of provisioning for this potential role. Can be "POTENTIAL", "PENDING", "FAILED", or "COMPLETE".'
example: PENDING
type: string
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
roleId:
type: string
description: ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned.
nullable: true
example: 2a4be6fbcf3c4e66b95a0c15ffd591
density:
type: integer
description: The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities.
format: int32
example: 90
freshness:
type: integer
description: The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles.
format: int32
example: 70
quality:
type: integer
description: The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness.
format: int32
example: 80
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The potential role created by details
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
saved:
type: boolean
description: The potential role's saved status
default: false
example: true
description:
type: string
nullable: true
description: Description of the potential role
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}':
get:
operationId: getPotentialRole
summary: Retrieve potential role in session
tags:
- IAI Role Mining
description: This method returns a specific potential role for a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
responses:
'200':
description: Succeeded. Returns a list of potential roles for a role mining session.
content:
application/json:
schema:
type: object
properties:
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
density:
type: integer
description: The density of a potential role.
example: 75
format: int32
description:
type: string
nullable: true
description: The description of a potential role.
example: Potential Role for Accounting dept
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
example: 25
format: int32
excludedEntitlements:
description: The list of entitlement ids to be excluded.
nullable: true
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
freshness:
type: integer
description: The freshness of a potential role.
example: 75
format: int32
identityCount:
type: integer
description: The number of identities in a potential role.
example: 25
format: int32
identityDistribution:
description: Identity attribute distribution.
nullable: true
type: array
items:
type: object
properties:
attributeName:
type: string
description: Id of the potential role
example: department
distribution:
type: array
items:
type: object
additionalProperties:
type: string
example:
- attributeValue: NM Tier 3
count: 6
identityIds:
description: The list of ids in a potential role.
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
name:
type: string
description: Name of the potential role.
example: Saved Potential Role - 07/10
provisionState:
description: The provisioning state of a potential role.
nullable: true
type: string
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
example: POTENTIAL
quality:
type: integer
description: The quality of a potential role.
example: 100
format: int32
roleId:
type: string
nullable: true
description: The roleId of a potential role.
example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519
saved:
type: boolean
description: The potential role's saved status.
example: true
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchPotentialRole
summary: Update a potential role in session
tags:
- IAI Role Mining
description: |
This method updates an existing potential role using the role mining session id and the potential role summary id.
The following fields can be modified:
* `description`
* `name`
* `saved`
>**NOTE: All other fields cannot be modified.**
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: The potential role summary id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
requestBody:
required: true
content:
application/json-patch+json:
schema:
type: array
items:
allOf:
- type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
properties:
op:
type: string
description: The operation to be performed
enum:
- remove
- replace
example: replace
example:
- op: remove
path: /description
- op: replace
path: /description
value: Acct I - Potential Role
- op: remove
path: /saved
- op: replace
path: /saved
value: 'false'
- op: remove
path: /name
- op: replace
path: /name
value: Potential Role Accounting
responses:
'200':
description: Succeeded. Returns the potential role summary based on the potentialRoleId provided.
content:
application/json:
schema:
type: object
items:
type: object
properties:
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
density:
type: integer
description: The density of a potential role.
example: 75
format: int32
description:
type: string
nullable: true
description: The description of a potential role.
example: Potential Role for Accounting dept
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
example: 25
format: int32
excludedEntitlements:
description: The list of entitlement ids to be excluded.
nullable: true
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
freshness:
type: integer
description: The freshness of a potential role.
example: 75
format: int32
identityCount:
type: integer
description: The number of identities in a potential role.
example: 25
format: int32
identityDistribution:
description: Identity attribute distribution.
nullable: true
type: array
items:
type: object
properties:
attributeName:
type: string
description: Id of the potential role
example: department
distribution:
type: array
items:
type: object
additionalProperties:
type: string
example:
- attributeValue: NM Tier 3
count: 6
identityIds:
description: The list of ids in a potential role.
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
name:
type: string
description: Name of the potential role.
example: Saved Potential Role - 07/10
provisionState:
description: The provisioning state of a potential role.
nullable: true
type: string
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
example: POTENTIAL
quality:
type: integer
description: The quality of a potential role.
example: 100
format: int32
roleId:
type: string
nullable: true
description: The roleId of a potential role.
example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519
saved:
type: boolean
description: The potential role's saved status.
example: true
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}/applications':
get:
operationId: getPotentialRoleApplications
summary: Retrieves the applications of a potential role for a role mining session
tags:
- IAI Role Mining
description: This method returns the applications of a potential role for a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: Succeeded. Returns a list of potential roles for a role mining session.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the potential role
name:
type: string
description: Name of the potential role
example:
id: 2c9180877212632a017228d5a796292b
name: Slack
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/entitlement-popularities':
get:
operationId: getEntitlementsPotentialRole
summary: Retrieves entitlements for a potential role in a role mining session
tags:
- IAI Role Mining
description: This method returns entitlements for a potential role in a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: includeCommonAccess
description: Boolean determining whether common access entitlements will be included or not
example: true
required: false
style: form
explode: true
schema:
type: boolean
default: true
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **popularity, entitlementName, applicationName**
The default sort is **popularity** in descending order.
example: popularity
required: false
style: form
explode: true
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**applicationName**: *sw*
**entitlementRef.name**: *sw*
example: applicationName sw "AD"
required: false
style: form
explode: true
schema:
type: string
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: Succeeded. Returns a list of entitlements for a potential role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
entitlementRef:
description: Details about the entitlement
example:
id: 2c91808a7e95e6e0017e96e2086206c8
name: App.entitlement.1
description: Entitlement 1
attribute: groups
type: object
properties:
id:
type: string
description: Id of the entitlement
example: 2c91808a7e95e6e0017e96e2086206c8
name:
type: string
description: Name of the entitlement
example: App.entitlement.1
description:
type: string
description: Description forthe entitlement
nullable: true
example: Entitlement 1
attribute:
type: string
description: The entitlement attribute
example: groups
name:
type: string
description: Name of the entitlement
example: Add/modify/delete users
applicationName:
type: string
description: Application name of the entitlement
example: AppName
identityCount:
type: integer
description: The number of identities with this entitlement in a role.
format: int32
example: 45
popularity:
type: number
description: The % popularity of this entitlement in a role.
format: float
example: 65.2
popularityInOrg:
type: number
description: The % popularity of this entitlement in the org.
format: float
example: 35.8
sourceId:
type: string
description: The ID of the source/application.
example: 2c9180877620c1460176267f336a106f
activitySourceState:
type: string
description: The status of activity data for the source. Value is complete or notComplete.
nullable: true
example: complete
sourceUsagePercent:
type: number
description: The percentage of identities in the potential role that have usage of the source/application of this entitlement.
format: float
nullable: true
example: 65.6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth: []
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/entitlement-popularity-distribution':
get:
operationId: getEntitlementDistributionPotentialRole
summary: Retrieves entitlement popularity distribution for a potential role in a role mining session
tags:
- IAI Role Mining
description: This method returns entitlement popularity distribution for a potential role in a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: includeCommonAccess
description: Boolean determining whether common access entitlements will be included or not
required: false
style: form
explode: true
schema:
type: boolean
responses:
'200':
description: Succeeded. Returns a map containing entitlement popularity distribution for a potential role.
content:
application/json:
schema:
type: object
additionalProperties:
type: integer
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/edit-entitlements':
post:
operationId: updateEntitlementsPotentialRole
summary: Edit entitlements for a potential role to exclude some entitlements
tags:
- IAI Role Mining
description: This endpoint adds or removes entitlements from an exclusion list for a potential role.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
requestBody:
description: Role mining session parameters
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: The list of entitlement ids to be edited
type: array
items:
type: string
exclude:
type: boolean
description: 'If true, add ids to be exclusion list. If false, remove ids from the exclusion list.'
example:
ids:
- entId1
- entId2
exclude: true
responses:
'201':
description: Adds or removes entitlements from a potential role's entitlement exclusion list.
content:
application/json:
schema:
type: object
properties:
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
density:
type: integer
description: The density of a potential role.
example: 75
format: int32
description:
type: string
nullable: true
description: The description of a potential role.
example: Potential Role for Accounting dept
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
example: 25
format: int32
excludedEntitlements:
description: The list of entitlement ids to be excluded.
nullable: true
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
freshness:
type: integer
description: The freshness of a potential role.
example: 75
format: int32
identityCount:
type: integer
description: The number of identities in a potential role.
example: 25
format: int32
identityDistribution:
description: Identity attribute distribution.
nullable: true
type: array
items:
type: object
properties:
attributeName:
type: string
description: Id of the potential role
example: department
distribution:
type: array
items:
type: object
additionalProperties:
type: string
example:
- attributeValue: NM Tier 3
count: 6
identityIds:
description: The list of ids in a potential role.
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
name:
type: string
description: Name of the potential role.
example: Saved Potential Role - 07/10
provisionState:
description: The provisioning state of a potential role.
nullable: true
type: string
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
example: POTENTIAL
quality:
type: integer
description: The quality of a potential role.
example: 100
format: int32
roleId:
type: string
nullable: true
description: The roleId of a potential role.
example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519
saved:
type: boolean
description: The potential role's saved status.
example: true
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/identities':
get:
operationId: getIdentitiesPotentialRole
summary: Retrieves identities for a potential role in a role mining session
tags:
- IAI Role Mining
description: This method returns identities for a potential role in a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
required: false
style: form
explode: true
example: name
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
required: false
style: form
explode: true
schema:
type: string
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: Succeeded. Returns a list of identities for a potential role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the identity
name:
type: string
description: Name of the identity
attributes:
type: object
additionalProperties:
type: string
example:
id: 2c9180877212632a017228d5934525e6
name: Allene Abernathy-Welch
attributes:
jobTitle: SQL Developer
department: IT
location: NYC
firstName: Allene
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export':
get:
operationId: exportRoleMiningPotentialRole
summary: Export (download) details for a potential role in a role mining session
tags:
- IAI Role Mining
description: This endpoint downloads all the information for a potential role in a role mining session. Includes identities and entitlements in the potential role.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
responses:
'200':
description: Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role.
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async':
post:
operationId: exportRoleMiningPotentialRoleAsync
summary: Asynchronously export details for a potential role in a role mining session and upload to S3
tags:
- IAI Role Mining
description: This endpoint uploads all the information for a potential role in a role mining session to S3 as a downloadable zip archive. Includes identities and entitlements in the potential role.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id in a role mining session
example: 278359a6-04b7-4669-9468-924cf580964a
requestBody:
content:
application/json:
schema:
type: object
properties:
minEntitlementPopularity:
type: integer
description: The minimum popularity among identities in the role which an entitlement must have to be included in the report
example: 0
includeCommonAccess:
type: boolean
description: 'If false, do not include entitlements that are highly popular among the entire orginization'
example: true
example:
minEntitlementPopularity: 0
includeCommonAccess: true
responses:
'202':
description: Job Submitted. Returns a reportId that can be used to download the zip once complete
content:
application/json:
schema:
allOf:
- type: object
properties:
minEntitlementPopularity:
type: integer
description: The minimum popularity among identities in the role which an entitlement must have to be included in the report
example: 0
includeCommonAccess:
type: boolean
description: 'If false, do not include entitlements that are highly popular among the entire orginization'
example: true
example:
minEntitlementPopularity: 0
includeCommonAccess: true
- type: object
properties:
exportId:
type: string
format: uuid
description: ID used to reference this export
example: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04
status:
description: The status of this export
example: QUEUED
type: string
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example:
exportId: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04
status: QUEUED
minEntitlementPopularity: 0
includeCommonAccess: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async/{exportId}':
get:
operationId: exportRoleMiningPotentialRoleStatus
summary: Retrieve status of a potential role export job
tags:
- IAI Role Mining
description: This endpoint retrieves information about the current status of a potential role export.
parameters:
- in: path
name: sessionId
schema:
type: string
format: uuid
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
format: uuid
required: true
description: A potential role id in a role mining session
example: 278359a6-04b7-4669-9468-924cf580964a
- in: path
name: exportId
schema:
type: string
format: uuid
required: true
description: The id of a previously run export job for this potential role
example: 4940ffd4-836f-48a3-b2b0-6d498c3fdf40
responses:
'200':
description: Success. Returns the current status of this export
content:
application/json:
schema:
allOf:
- type: object
properties:
minEntitlementPopularity:
type: integer
description: The minimum popularity among identities in the role which an entitlement must have to be included in the report
example: 0
includeCommonAccess:
type: boolean
description: 'If false, do not include entitlements that are highly popular among the entire orginization'
example: true
example:
minEntitlementPopularity: 0
includeCommonAccess: true
- type: object
properties:
exportId:
type: string
format: uuid
description: ID used to reference this export
example: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04
status:
description: The status of this export
example: QUEUED
type: string
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example:
exportId: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04
status: QUEUED
minEntitlementPopularity: 0
includeCommonAccess: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async/{exportId}/download':
get:
operationId: downloadRoleMiningPotentialRoleZip
summary: Export (download) details for a potential role in a role mining session
tags:
- IAI Role Mining
description: This endpoint downloads a completed export of information for a potential role in a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
format: uuid
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
format: uuid
required: true
description: A potential role id in a role mining session
example: 278359a6-04b7-4669-9468-924cf580964a
- in: path
name: exportId
schema:
type: string
format: uuid
required: true
description: The id of a previously run export job for this potential role
example: 4940ffd4-836f-48a3-b2b0-6d498c3fdf40
responses:
'200':
description: Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role.
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/provision':
post:
operationId: createPotentialRoleProvisionRequest
summary: Create request to provision a potential role into an actual role.
tags:
- IAI Role Mining
description: This method starts a job to provision a potential role
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: min-entitlement-popularity
description: Minimum popularity required for an entitlement to be included in the provisioned role.
required: false
style: form
explode: true
schema:
type: integer
default: 0
minimum: 0
maximum: 100
- in: query
name: include-common-access
description: Boolean determining whether common access entitlements will be included in the provisioned role.
required: false
style: form
explode: true
schema:
type: boolean
default: true
requestBody:
description: Required information to create a new role
content:
application/json:
schema:
type: object
properties:
roleName:
type: string
description: Name of the new role being created
example: Finance - Accounting
roleDescription:
type: string
description: Short description of the new role being created
example: General access for accounting department
ownerId:
type: string
description: ID of the identity that will own this role
example: 2b568c65bc3c4c57a43bd97e3a8e41
includeIdentities:
type: boolean
description: 'When true, create access requests for the identities associated with the potential role'
default: false
example: true
directlyAssignedEntitlements:
type: boolean
description: 'When true, assign entitlements directly to the role; otherwise, create access profiles containing the entitlements'
default: false
example: false
responses:
'202':
description: Accepted. Returns a potential role summary including the status of the provison request
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
potentialRoleRef:
description: Details about the potential role
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
identityCount:
type: integer
description: The number of identities in a potential role.
format: int32
example: 25
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
format: int32
example: 15
identityGroupStatus:
type: string
description: The status for this identity group which can be "REQUESTED" or "OBTAINED"
example: OBTAINED
provisionState:
description: 'The status of provisioning for this potential role. Can be "POTENTIAL", "PENDING", "FAILED", or "COMPLETE".'
example: PENDING
type: string
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
roleId:
type: string
description: ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned.
nullable: true
example: 2a4be6fbcf3c4e66b95a0c15ffd591
density:
type: integer
description: The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities.
format: int32
example: 90
freshness:
type: integer
description: The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles.
format: int32
example: 70
quality:
type: integer
description: The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness.
format: int32
example: 80
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The potential role created by details
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
saved:
type: boolean
description: The potential role's saved status
default: false
example: true
description:
type: string
nullable: true
description: Description of the potential role
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/excluded-entitlements':
get:
operationId: getExcludedEntitlementsPotentialRole
summary: Retrieves excluded entitlements for a potential role in a role mining session
tags:
- IAI Role Mining
description: This method returns excluded entitlements for a potential role in a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **popularity**
example: populariity
required: false
style: form
explode: true
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**applicationName**: *sw*
**entitlementRef.name**: *sw*
example: applicationName sw "AD"
required: false
style: form
explode: true
schema:
type: string
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: Succeeded. Returns a list of excluded entitlements for a potential roles.
content:
application/json:
schema:
type: array
items:
type: object
properties:
entitlementRef:
description: Details about the entitlement
example:
id: 2c91808a7e95e6e0017e96e2086206c8
name: App.entitlement.1
description: Entitlement 1
attribute: groups
type: object
properties:
id:
type: string
description: Id of the entitlement
example: 2c91808a7e95e6e0017e96e2086206c8
name:
type: string
description: Name of the entitlement
example: App.entitlement.1
description:
type: string
description: Description forthe entitlement
nullable: true
example: Entitlement 1
attribute:
type: string
description: The entitlement attribute
example: groups
name:
type: string
description: Name of the entitlement
example: Add/modify/delete users
applicationName:
type: string
description: Application name of the entitlement
example: AppName
identityCount:
type: integer
description: The number of identities with this entitlement in a role.
format: int32
example: 45
popularity:
type: number
description: The % popularity of this entitlement in a role.
format: float
example: 65.2
popularityInOrg:
type: number
description: The % popularity of this entitlement in the org.
format: float
example: 35.8
sourceId:
type: string
description: The ID of the source/application.
example: 2c9180877620c1460176267f336a106f
activitySourceState:
type: string
description: The status of activity data for the source. Value is complete or notComplete.
nullable: true
example: complete
sourceUsagePercent:
type: number
description: The percentage of identities in the potential role that have usage of the source/application of this entitlement.
format: float
nullable: true
example: 65.6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/role-mining-potential-roles:
get:
operationId: getAllPotentialRoleSummaries
summary: Retrieves all potential role summaries
tags:
- IAI Role Mining
description: Returns all potential role summaries that match the query parameters
security:
- UserContextAuth: []
parameters:
- in: query
name: sorters
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **createdDate, identityCount, entitlementCount, freshness, quality**
example: createdDate
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**createdById**: *eq, sw, co*
**createdByName**: *eq, sw, co*
**description**: *sw, co*
**endDate**: *le, lt*
**freshness**: *eq, ge, gt, le, lt*
**name**: *eq, sw, co, ge, gt, le, lt*
**quality**: *eq, ge, gt, le, lt*
**startDate**: *ge, gt*
**saved**: *eq*
**type**: *eq, ge, gt, le, lt*
**scopingMethod**: *eq*
**sessionState**: *eq*
**identityAttribute**: *co*
example: (createdByName co "int") and (createdById sw "2c9180907") and (type eq "COMMON") and ((name co "entt") or (saved eq true))
required: false
style: form
explode: true
schema:
type: string
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: Succeeded. Returns all potential role summaries that match the query parameters.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
potentialRoleRef:
description: Details about the potential role
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
identityCount:
type: integer
description: The number of identities in a potential role.
format: int32
example: 25
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
format: int32
example: 15
identityGroupStatus:
type: string
description: The status for this identity group which can be "REQUESTED" or "OBTAINED"
example: OBTAINED
provisionState:
description: 'The status of provisioning for this potential role. Can be "POTENTIAL", "PENDING", "FAILED", or "COMPLETE".'
example: PENDING
type: string
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
roleId:
type: string
description: ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned.
nullable: true
example: 2a4be6fbcf3c4e66b95a0c15ffd591
density:
type: integer
description: The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities.
format: int32
example: 90
freshness:
type: integer
description: The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles.
format: int32
example: 70
quality:
type: integer
description: The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness.
format: int32
example: 80
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The potential role created by details
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
saved:
type: boolean
description: The potential role's saved status
default: false
example: true
description:
type: string
nullable: true
description: Description of the potential role
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-potential-roles/{potentialRoleId}':
get:
operationId: getRoleMiningPotentialRole
summary: Retrieves a specific potential role
tags:
- IAI Role Mining
description: This method returns a specific potential role.
security:
- UserContextAuth: []
parameters:
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
responses:
'200':
description: Succeeded. Returns a list of potential roles for a role mining session.
content:
application/json:
schema:
type: object
properties:
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
density:
type: integer
description: The density of a potential role.
example: 75
format: int32
description:
type: string
nullable: true
description: The description of a potential role.
example: Potential Role for Accounting dept
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
example: 25
format: int32
excludedEntitlements:
description: The list of entitlement ids to be excluded.
nullable: true
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
freshness:
type: integer
description: The freshness of a potential role.
example: 75
format: int32
identityCount:
type: integer
description: The number of identities in a potential role.
example: 25
format: int32
identityDistribution:
description: Identity attribute distribution.
nullable: true
type: array
items:
type: object
properties:
attributeName:
type: string
description: Id of the potential role
example: department
distribution:
type: array
items:
type: object
additionalProperties:
type: string
example:
- attributeValue: NM Tier 3
count: 6
identityIds:
description: The list of ids in a potential role.
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
name:
type: string
description: Name of the potential role.
example: Saved Potential Role - 07/10
provisionState:
description: The provisioning state of a potential role.
nullable: true
type: string
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
example: POTENTIAL
quality:
type: integer
description: The quality of a potential role.
example: 100
format: int32
roleId:
type: string
nullable: true
description: The roleId of a potential role.
example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519
saved:
type: boolean
description: The potential role's saved status.
example: true
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchRoleMiningPotentialRole
summary: Update a potential role
tags:
- IAI Role Mining
description: |
This method updates an existing potential role.
The following fields can be modified:
* `description`
* `name`
* `saved`
>**NOTE: All other fields cannot be modified.**
security:
- UserContextAuth: []
parameters:
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: The potential role summary id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
requestBody:
required: true
content:
application/json-patch+json:
schema:
type: array
items:
allOf:
- type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
properties:
op:
type: string
description: The operation to be performed
enum:
- remove
- replace
example: replace
example:
- op: remove
path: /description
- op: replace
path: /description
value: Acct I - Potential Role
- op: remove
path: /saved
- op: replace
path: /saved
value: 'false'
- op: remove
path: /name
- op: replace
path: /name
value: Potential Role Accounting
responses:
'200':
description: Succeeded. Returns the potential role summary based on the potentialRoleId provided.
content:
application/json:
schema:
type: object
items:
type: object
properties:
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
density:
type: integer
description: The density of a potential role.
example: 75
format: int32
description:
type: string
nullable: true
description: The description of a potential role.
example: Potential Role for Accounting dept
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
example: 25
format: int32
excludedEntitlements:
description: The list of entitlement ids to be excluded.
nullable: true
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
freshness:
type: integer
description: The freshness of a potential role.
example: 75
format: int32
identityCount:
type: integer
description: The number of identities in a potential role.
example: 25
format: int32
identityDistribution:
description: Identity attribute distribution.
nullable: true
type: array
items:
type: object
properties:
attributeName:
type: string
description: Id of the potential role
example: department
distribution:
type: array
items:
type: object
additionalProperties:
type: string
example:
- attributeValue: NM Tier 3
count: 6
identityIds:
description: The list of ids in a potential role.
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
name:
type: string
description: Name of the potential role.
example: Saved Potential Role - 07/10
provisionState:
description: The provisioning state of a potential role.
nullable: true
type: string
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
example: POTENTIAL
quality:
type: integer
description: The quality of a potential role.
example: 100
format: int32
roleId:
type: string
nullable: true
description: The roleId of a potential role.
example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519
saved:
type: boolean
description: The potential role's saved status.
example: true
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/role-mining-potential-roles/saved:
get:
operationId: getSavedPotentialRoles
summary: Retrieves all saved potential roles
tags:
- IAI Role Mining
description: This method returns all saved potential roles (draft roles).
security:
- UserContextAuth: []
parameters:
- in: query
name: sorters
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Sorting is supported for the following fields: **modified**'
example: modified
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: Succeeded. Returns a list of draft roles for a role mining session.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: Name of the draft role
example: Saved RM Session - 07/10
description:
type: string
description: Draft role description
example: Person who develops software
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
entitlementIds:
type: array
items:
type: string
description: The list of entitlement ids for this role mining session.
example:
- 2c91808a7624751a01762f19d665220d
- 2c91808a7624751a01762f19d67c220e
excludedEntitlements:
type: array
description: The list of excluded entitlement ids.
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
modified:
type: string
format: date-time
description: Last modified date
example: '2020-09-16T18:49:32.150Z'
type:
description: Role mining session type
example: SPECIALIZED
type: string
enum:
- SPECIALIZED
- COMMON
id:
type: string
description: Id of the potential draft role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential draft role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential draft role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-potential-roles/{potentialRoleId}/sources/{sourceId}/identityUsage':
get:
operationId: getPotentialRoleSourceIdentityUsage
summary: Retrieves potential role source usage
tags:
- IAI Role Mining
description: This method returns source usageCount (as number of days in the last 90 days) for each identity in a potential role.
security:
- UserContextAuth: []
parameters:
- in: path
name: potentialRoleId
schema:
type: string
required: true
description: A potential role id
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
- in: path
name: sourceId
schema:
type: string
required: true
description: A source id
example: 2c9180877620c1460176267f336a106f
- in: query
name: sorters
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Sorting is supported for the following fields: **displayName, email, usageCount**'
example: '-usageCount'
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: Succeeded. Returns a list of source usage for the identities in a potential role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The identity ID
example: 2c918089762475180176267f894b54dc
displayName:
type: string
description: Display name for the identity
example: Kirk Koepp
email:
type: string
description: Email address for the identity
example: kirk.koepp@testmail.identitynow.com
usageCount:
type: integer
description: The number of days there has been usage of the source by the identity.
format: int32
example: 25
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/roles:
get:
operationId: listRoles
tags:
- Roles
summary: List Roles
description: |-
This API returns a list of Roles.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API.
parameters:
- in: query
name: for-subadmin
schema:
type: string
description: 'If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity''s ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.'
example: 5168015d32f890ca15812c9180835d2e
required: false
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**requestable**: *eq*
example: requestable eq false
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
- in: query
name: for-segment-ids
schema:
type: string
format: comma-separated
description: |-
If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.
If segmentation is currently unavailable, specifying this parameter results in an error.
example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d'
required: false
- in: query
name: include-unsegmented
schema:
type: boolean
default: true
description: 'Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.'
example: false
required: false
responses:
'200':
description: List of Roles
content:
application/json:
schema:
type: array
items:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
nullable: true
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
type: boolean
nullable: true
dimensionRefs:
type: string
nullable: true
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
post:
operationId: createRole
tags:
- Roles
summary: Create a Role
description: |-
This API creates a role.
You must have a token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority to call this API.
In addition, a ROLE_SUBADMIN may not create a role including an access profile if that access profile is associated with a source the ROLE_SUBADMIN is not associated with themselves.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles. However, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
nullable: true
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
type: boolean
nullable: true
dimensionRefs:
type: string
nullable: true
required:
- name
- owner
responses:
'201':
description: Role created
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
nullable: true
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
type: boolean
nullable: true
dimensionRefs:
type: string
nullable: true
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
'/roles/{id}':
get:
operationId: getRole
tags:
- Roles
summary: Get a Role
description: |-
This API returns a Role by its ID.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Role
example: 2c91808a7813090a017814121e121518
responses:
'200':
description: List of all Roles
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
nullable: true
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
type: boolean
nullable: true
dimensionRefs:
type: string
nullable: true
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
patch:
operationId: patchRole
tags:
- Roles
summary: Patch a specified Role
description: |-
This API updates an existing role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
The following fields are patchable:
* name
* description
* enabled
* owner
* accessProfiles
* membership
* requestable
* accessRequestConfig
* revokeRequestConfig
* segments
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.
When you use this API to modify a role's membership identities, you can only modify up to a limit of 500 membership identities at a time.
parameters:
- name: id
in: path
description: ID of the Role to patch
required: true
schema:
type: string
example: 2c91808a7813090a017814121e121518
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Make a Role Requestable and Enable it in One Call:
description: This example shows how multiple fields may be updated with a single patch call.
value:
- op: replace
path: /requestable
value: true
- op: replace
path: /enabled
value: true
Assign a Role to a Segment:
description: This example illustrates the use of patch to assign a Role to a Segment by adding the Segment's ID to the Role's segments array.
value:
- op: add
path: /segments/-
value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19
Set the Membership Selection Criteria to a List of Identities:
description: 'This example shows how to define a Role''s membershp by providing a list of Identities, referenced by their IDs.'
value:
- op: replace
path: /membership
value:
type: IDENTITY_LIST
identities:
- id: 2c91808973fe906c0174262092014ed9
- id: 2c918086262092014ed94fb8a47612f3
Set the Membership Selection Criteria to a Standard Expression:
description: 'This example shows how to define a Role''s membership using STANDARD criteria. In this case, the Role will be granted to all Identities which have the *Engineering* attribute from the indicated Source.'
value:
- op: replace
path: /membership
value:
type: STANDARD
criteria:
operation: OR
children:
- operation: EQUALS
key:
type: ENTITLEMENT
property: attribute.memberOf
sourceId: 2c9180887701fb2014213e122092014e
stringValue: Engineering
Add a New Clause as the Child of an Existing Standard Expression:
description: This example shows how to add a child clause to an existing STANDARD criteria expression.
value:
- op: add
path: /membership/criteria/children/-
value:
operation: ENDS_WITH
key:
type: IDENTITY
property: attribute.email
stringValue: '@identitynow.com'
required: true
responses:
'200':
description: Responds with the Role as updated.
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
nullable: true
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
type: boolean
nullable: true
dimensionRefs:
type: string
nullable: true
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
delete:
operationId: deleteRole
tags:
- Roles
summary: Delete a Role
description: |-
This API deletes a Role by its ID.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Role
example: 2c91808a7813090a017814121e121518
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
/roles/bulk-delete:
post:
operationId: deleteBulkRoles
summary: Delete Role(s)
tags:
- Roles
description: |-
This endpoint initiates a bulk deletion of one or more roles.
When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information.
This endpoint can only bulk delete up to a limit of 50 roles per request.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this endpoint. In addition, a token with ROLE_SUBADMIN authority can only call this endpoint if all roles included in the request are associated with sources with management workgroups the ROLE_SUBADMIN is a member of.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
roleIds:
description: List of IDs of Roles to be deleted.
type: array
items:
type: string
example:
- 2c9180847812e0b1017817051919ecca
- 2c9180887812e0b201781e129f151816
required:
- roleIds
example:
roleIds:
- 2c91808876438bb2017668b91919ecca
- 2c91808876438ba801766e129f151816
responses:
'202':
description: Returns an object with the id of the task performing the delete operation.
content:
application/json:
schema:
type: object
description: Task result.
properties:
type:
type: string
description: Task result DTO type.
enum:
- TASK_RESULT
example: TASK_RESULT
id:
type: string
description: Task result ID.
example: 464ae7bf791e49fdb74606a2e4a89635
name:
type: string
description: Task result display name.
nullable: true
example: null
example:
type: TASK_RESULT
id: 464ae7bf791e49fdb74606a2e4a89635
name: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
400.1 Bad Request Content:
description: Response for bad request content
value:
detailCode: 400.1 Bad Request Content
trackingId: 1ea1adcb84da4dcb890145e05745774e
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The request was syntactically correct but its content is semantically invalid.
400.1 Role ids limit violation:
description: Role ids limit violation response
value:
detailCode: 400.1 Bad Request Content
trackingId: 77aa89ac6f0e422dbc588866abc22be9
messages:
- locale: en-US
localeOrigin: DEFAULT
text: roleIds count exceeded max limit of 50 for bulk-delete.
400.1.404 Referenced object not found:
description: Referenced object not found response
value:
detailCode: 400.1.404 Referenced object not found
trackingId: 77aa89ac6f0e422dbc588866abc22be9
messages:
- locale: en-US
localeOrigin: DEFAULT
text: 'Referenced roleIds ["2c91808876438bb2017668b91919ecca"] was not found.'
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
'/roles/{id}/assigned-identities':
get:
operationId: getRoleAssignedIdentities
tags:
- Roles
summary: Identities assigned a Role
parameters:
- in: path
name: id
schema:
type: string
description: ID of the Role for which the assigned Identities are to be listed
example: 2c91808a7813090a017814121e121518
required: true
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**aliasName**: *eq, sw*
**email**: *eq, sw*
**name**: *eq, sw, co*
example: name sw Joe
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, aliasName, email**
example: 'aliasName,name'
responses:
'200':
description: List of Identities assigned the Role
content:
application/json:
schema:
type: array
items:
type: object
description: A subset of the fields of an Identity which is a member of a Role.
properties:
id:
type: string
description: The ID of the Identity
example: 2c9180a46faadee4016fb4e018c20639
aliasName:
type: string
description: The alias / username of the Identity
example: t.edison
name:
type: string
description: The human-readable display name of the Identity
example: Thomas Edison
email:
type: string
description: Email address of the Identity
example: t.edison@identitynow.com
roleAssignmentSource:
type: string
enum:
- ACCESS_REQUEST
- ROLE_MEMBERSHIP
description: Type which indicates how a particular Identity obtained a particular Role
example: ACCESS_REQUEST
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
'/roles/{id}/entitlements':
get:
operationId: getRoleEntitlements
tags:
- Roles
summary: List role's Entitlements
description: |-
This API lists the Entitlements associated with a given role.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API.
parameters:
- name: id
in: path
description: ID of the containing role
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**attribute**: *eq, sw*
**value**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**source.id**: *eq, in*
example: attribute eq "memberOf"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, attribute, value, created, modified**
example: 'name,-modified'
required: false
responses:
'200':
description: List of Entitlements
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
attribute:
type: string
description: The entitlement attribute name
example: memberOf
nullable: true
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
privileged:
type: boolean
default: false
description: True if the entitlement is privileged
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: true
description:
type: string
nullable: true
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
requestable:
type: boolean
default: false
description: True if the entitlement is requestable
example: true
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
nullable: true
owner:
allOf:
- type: object
description: Simplified DTO for the owner object of the entitlement
properties:
id:
type: string
description: The owner id for the entitlement
example: 2a2fdacca5e345f18bf7970cfbb8fec2
name:
type: string
description: The owner name for the entitlement
example: identity 1
type:
type: string
enum:
- IDENTITY
description: The type of the owner. Initially only type IDENTITY is supported
example: IDENTITY
- nullable: true
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
manuallyUpdatedFields:
allOf:
- type: object
properties:
DISPLAY_NAME:
type: boolean
default: false
description: |-
True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `name` property.
example: true
DESCRIPTION:
type: boolean
default: false
description: |-
True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation.
Field refers to [Entitlement response schema](https://developer.sailpoint.com/idn/api/beta/get-entitlement) > `description` property.
example: true
- nullable: true
description: 'Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.'
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
allOf:
- type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
- nullable: true
description: Access Model Metadata (beta).
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
/segments:
post:
operationId: createSegment
tags:
- Segments
summary: Create Segment
description: |-
This API creates a segment.
>**Note:** Segment definitions may take time to propagate to all identities.
A token with ORG_ADMIN or API authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
type: object
nullable: true
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
nullable: true
description: Name for the attribute
example: location
value:
type: object
nullable: true
properties:
type:
type: string
nullable: true
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
example: EQUALS
attribute:
type: string
example: country
value:
type: object
nullable: true
properties:
type:
type: string
nullable: true
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
example: []
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
responses:
'201':
description: Segment created
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
type: object
nullable: true
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
nullable: true
description: Name for the attribute
example: location
value:
type: object
nullable: true
properties:
type:
type: string
nullable: true
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
example: EQUALS
attribute:
type: string
example: country
value:
type: object
nullable: true
properties:
type:
type: string
nullable: true
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
example: []
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listSegments
tags:
- Segments
summary: List Segments
description: |-
This API returns a list of all segments.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of all segments
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
type: object
nullable: true
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
nullable: true
description: Name for the attribute
example: location
value:
type: object
nullable: true
properties:
type:
type: string
nullable: true
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
example: EQUALS
attribute:
type: string
example: country
value:
type: object
nullable: true
properties:
type:
type: string
nullable: true
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
example: []
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/segments/{id}':
get:
operationId: getSegment
tags:
- Segments
summary: Get Segment by ID
description: |-
This API returns the segment specified by the given ID.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The segment ID to retrieve.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Segment
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
type: object
nullable: true
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
nullable: true
description: Name for the attribute
example: location
value:
type: object
nullable: true
properties:
type:
type: string
nullable: true
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
example: EQUALS
attribute:
type: string
example: country
value:
type: object
nullable: true
properties:
type:
type: string
nullable: true
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
example: []
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSegment
tags:
- Segments
summary: Delete Segment by ID
description: |-
This API deletes the segment specified by the given ID.
>**Note:** Segment deletion may take some time to go into effect.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The segment ID to delete.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchSegment
tags:
- Segments
summary: Update Segment
description: |-
Use this API to update segment fields by using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
>**Note:** Changes to a segment may take some time to propagate to all identities.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The segment ID to modify.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* owner
* visibilityCriteria
* active
content:
application/json-patch+json:
schema:
type: array
items:
type: object
examples:
Set Visibility Criteria:
description: Set the visibility criteria
value:
- op: replace
path: /visibilityCriteria
value:
expression:
operator: AND
children:
- operator: EQUALS
attribute: location
value:
type: STRING
value: Philadelphia
- operator: EQUALS
attribute: department
value:
type: STRING
value: HR
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the segment''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
type: object
nullable: true
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
nullable: true
description: Name for the attribute
example: location
value:
type: object
nullable: true
properties:
type:
type: string
nullable: true
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
example: EQUALS
attribute:
type: string
example: country
value:
type: object
nullable: true
properties:
type:
type: string
nullable: true
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
example: []
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/send-test-notification:
post:
operationId: sendTestNotification
tags:
- Notifications
summary: Send Test Notification
description: Send a Test Notification
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
key:
type: string
description: The template notification key.
example: cloud_manual_work_item_summary
medium:
type: string
description: The notification medium. Has to be one of the following enum values.
enum:
- EMAIL
- SLACK
- TEAMS
context:
type: object
description: A Json object that denotes the context specific to the template.
example:
key: cloud_manual_work_item_summary
medium: EMAIL
context:
numberOfPendingTasks: '4'
ownerId: 201327fda1c44704ac01181e963d463c
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/service-desk-integrations:
get:
tags:
- Service Desk Integration
summary: List existing Service Desk Integrations
description: Get a list of ServiceDeskIntegrationDto for existing Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getServiceDeskIntegrationList
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- name: sorters
in: query
required: false
style: form
explode: true
schema:
type: string
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
example: name
- name: filters
in: query
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq*
**type**: *eq, in*
**cluster**: *eq, in*
example: id eq 2c91808b6ef1d43e016efba0ce470904
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of ServiceDeskIntegrationDto
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
- 'idn:service-desk-integration:read'
post:
tags:
- Service Desk Integration
summary: Create new Service Desk integration
description: Create a new Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: createServiceDeskIntegration
requestBody:
description: The specifics of a new integration to create
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
required: true
responses:
'200':
description: details of the created integration
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:manage'
'/service-desk-integrations/{id}':
get:
tags:
- Service Desk Integration
summary: Get a Service Desk integration
description: Get an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getServiceDeskIntegration
parameters:
- name: id
in: path
description: ID of the Service Desk integration to get
required: true
style: simple
explode: false
schema:
type: string
example: anId
responses:
'200':
description: ServiceDeskIntegrationDto with the given ID
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
- 'idn:service-desk-integration:read'
put:
tags:
- Service Desk Integration
summary: Update a Service Desk integration
description: Update an existing Service Desk integration by ID with updated value in JSON form as the request body. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: putServiceDeskIntegration
parameters:
- name: id
in: path
description: ID of the Service Desk integration to update
required: true
style: simple
explode: false
schema:
type: string
example: anId
requestBody:
description: The specifics of the integration to update
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
required: true
responses:
'200':
description: ServiceDeskIntegrationDto as updated
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:manage'
delete:
tags:
- Service Desk Integration
summary: Delete a Service Desk integration
description: Delete an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: deleteServiceDeskIntegration
parameters:
- name: id
in: path
description: ID of Service Desk integration to delete
required: true
style: simple
explode: false
schema:
type: string
example: anId
responses:
'204':
description: Service Desk integration with the given ID successfully deleted
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:manage'
patch:
operationId: patchServiceDeskIntegration
tags:
- Service Desk Integration
summary: Service Desk Integration Update PATCH
description: Update an existing ServiceDeskIntegration by ID with a PATCH request.
parameters:
- name: id
in: path
description: ID of the Service Desk integration to update
required: true
style: simple
explode: false
schema:
type: string
example: anId
requestBody:
required: true
description: |
A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Only `replace` operations are accepted by this endpoint.
A 403 Forbidden Error indicates that you attempted to PATCH a operation that is not allowed.
content:
application/json-patch+json:
schema:
type: object
description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902). Only `replace` operations are accepted by this endpoint.'
properties:
operations:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example: |-
[
{
"op": "replace",
"path": "/ownerRef",
"value": {
"id": "2c9180867d05b227017d09921a205b4d",
"type": "IDENTITY",
"name": "Angelo2 tester"
}
}
]
responses:
'200':
description: ServiceDeskIntegrationDto as updated
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:manage'
/service-desk-integrations/types:
get:
tags:
- Service Desk Integration
summary: Service Desk Integration Types List.
description: This API endpoint returns the current list of supported Service Desk integration types. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getServiceDeskIntegrationTypes
responses:
'200':
description: Responds with an array of the currently supported Service Desk integration types.
content:
application/json:
schema:
type: array
items:
description: This represents a Service Desk Integration template type.
required:
- type
- scriptName
type: object
properties:
name:
description: This is the name of the type.
example: aName
type: string
type:
description: This is the type value for the type.
example: aType
type: string
scriptName:
description: This is the scriptName attribute value for the type.
example: aScriptName
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:read'
- 'idn:service-desk-integration:manage'
'/service-desk-integrations/templates/{scriptName}':
get:
tags:
- Service Desk Integration
summary: Service Desk integration template by scriptName.
description: This API endpoint returns an existing Service Desk integration template by scriptName. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getServiceDeskIntegrationTemplate
parameters:
- name: scriptName
in: path
description: The scriptName value of the Service Desk integration template to get
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
responses:
'200':
description: Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.'
required:
- type
- attributes
- provisioningConfig
properties:
type:
description: The 'type' property specifies the type of the Service Desk integration template.
type: string
example: Web Service SDIM
default: Web Service SDIM
attributes:
description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template.
type: object
additionalProperties: true
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
- 'idn:service-desk-integration:read'
/service-desk-integrations/status-check-configuration:
get:
tags:
- Service Desk Integration
summary: Get the time check configuration
description: Get the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getStatusCheckDetails
responses:
'200':
description: QueuedCheckConfigDetails containing the configured values
content:
application/json:
schema:
description: Configuration of maximum number days and interval for checking Service Desk integration queue status
required:
- provisioningStatusCheckIntervalMinutes
- provisioningMaxStatusCheckDays
type: object
properties:
provisioningStatusCheckIntervalMinutes:
description: interval in minutes between status checks
type: string
example: 30
provisioningMaxStatusCheckDays:
description: maximum number of days to check
type: string
example: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:read'
- 'idn:service-desk-integration:manage'
put:
tags:
- Service Desk Integration
summary: Update the time check configuration
description: Update the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: updateStatusCheckDetails
requestBody:
description: the modified time check configuration
content:
application/json:
schema:
description: Configuration of maximum number days and interval for checking Service Desk integration queue status
required:
- provisioningStatusCheckIntervalMinutes
- provisioningMaxStatusCheckDays
type: object
properties:
provisioningStatusCheckIntervalMinutes:
description: interval in minutes between status checks
type: string
example: 30
provisioningMaxStatusCheckDays:
description: maximum number of days to check
type: string
example: 2
required: true
responses:
'200':
description: QueuedCheckConfigDetails as updated
content:
application/json:
schema:
description: Configuration of maximum number days and interval for checking Service Desk integration queue status
required:
- provisioningStatusCheckIntervalMinutes
- provisioningMaxStatusCheckDays
type: object
properties:
provisioningStatusCheckIntervalMinutes:
description: interval in minutes between status checks
type: string
example: 30
provisioningMaxStatusCheckDays:
description: maximum number of days to check
type: string
example: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:manage'
'/sim-integrations/{id}':
put:
tags:
- SIM Integrations
summary: Update an existing SIM integration
description: Update an existing SIM integration. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: putSIMIntegration
requestBody:
description: The full DTO of the integration containing the updated model
content:
application/json:
schema:
type: object
title: Sim Integration Details
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
properties:
description:
type: string
description: The description of the integration
example: Integration description
nullable: false
type:
type: string
description: The integration type
example: ServiceNow Service Desk
nullable: false
attributes:
type: object
description: The attributes map containing the credentials used to configure the integration.
nullable: true
example: '{"uid":"Walter White","firstname":"walter","cloudStatus":"UNREGISTERED","displayName":"Walter White","identificationNumber":"942","lastSyncDate":1470348809380,"email":"walter@gmail.com","lastname":"white"}'
sources:
type: array
description: The list of sources (managed resources)
items:
type: string
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
nullable: false
cluster:
type: string
description: The cluster/proxy
example: xyzzy999
nullable: false
statusMap:
type: object
description: Custom mapping between the integration result and the provisioning result
example:
closed_cancelled: Failed
closed_complete: Committed
closed_incomplete: Failed
closed_rejected: Failed
in_process: Queued
requested: Queued
request:
type: object
description: Request data to customize desc and body of the created ticket
example:
description: 'SailPoint Access Request,'
req_description: 'The Service Request created by SailPoint ServiceNow Service Integration Module (SIM).,'
req_short_description: 'SailPoint New Access Request Created from IdentityNow,'
short_description: SailPoint Access Request $!plan.arguments.identityRequestId
beforeProvisioningRule:
description: Before provisioning rule of integration
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
required: true
parameters:
- name: id
in: path
description: The id of the integration.
schema:
type: string
example: 12345
required: true
responses:
'200':
description: details of the updated integration
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:create'
get:
tags:
- SIM Integrations
summary: Get a SIM integration details.
description: Get the details of a SIM integration. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getSIMIntegration
parameters:
- name: id
in: path
description: The id of the integration.
schema:
type: string
example: 12345
required: true
responses:
'200':
description: The DTO containing the details of the SIM integration
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
delete:
tags:
- SIM Integrations
summary: Delete a SIM integration
description: Get the details of a SIM integration. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: deleteSIMIntegration
parameters:
- name: id
description: The id of the integration to delete.
in: path
schema:
type: string
example: 12345
required: true
responses:
'200':
description: No content response
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:write'
patch:
tags:
- SIM Integrations
summary: Patch a SIM attribute.
description: Patch a SIM attribute given a JsonPatch object. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: patchSIMAttributes
requestBody:
required: true
description: The JsonPatch object that describes the changes of SIM
content:
application/json-patch+json:
schema:
type: object
description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
properties:
operations:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example: "[\n {\n\t \"op\": \"replace\",\n\t \"path\": \"/description\",\n\t \"value\": \"A new description\"\n }\n]"
parameters:
- name: id
description: SIM integration id
in: path
schema:
type: string
example: 12345
required: true
responses:
'200':
description: The updated DTO containing the details of the SIM integration.
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:write'
'/sim-integrations/{id}/beforeProvisioningRule':
patch:
tags:
- SIM Integrations
summary: Patch a SIM beforeProvisioningRule attribute.
description: Patch a SIM beforeProvisioningRule attribute given a JsonPatch object. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: patchBeforeProvisioningRule
requestBody:
required: true
description: The JsonPatch object that describes the changes of SIM beforeProvisioningRule.
content:
application/json-patch+json:
schema:
type: object
description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
properties:
operations:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example: "[\n {\n\t \"op\": \"replace\",\n\t \"path\": \"/description\",\n\t \"value\": \"A new description\"\n }\n]"
parameters:
- name: id
in: path
description: SIM integration id
schema:
type: string
example: 12345
required: true
responses:
'200':
description: The updated DTO containing the details of the SIM integration.
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:write'
/sim-integrations:
get:
tags:
- SIM Integrations
summary: List the existing SIM integrations.
description: List the existing SIM integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getSIMIntegrations
responses:
'200':
description: The DTO containing the details of the SIM integration
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
post:
tags:
- SIM Integrations
summary: Create new SIM integration
description: Create a new SIM Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: createSIMIntegration
requestBody:
description: DTO containing the details of the SIM integration
content:
application/json:
schema:
type: object
title: Sim Integration Details
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the Object
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
- type: object
properties:
description:
type: string
description: The description of the integration
example: Integration description
nullable: false
type:
type: string
description: The integration type
example: ServiceNow Service Desk
nullable: false
attributes:
type: object
description: The attributes map containing the credentials used to configure the integration.
nullable: true
example: '{"uid":"Walter White","firstname":"walter","cloudStatus":"UNREGISTERED","displayName":"Walter White","identificationNumber":"942","lastSyncDate":1470348809380,"email":"walter@gmail.com","lastname":"white"}'
sources:
type: array
description: The list of sources (managed resources)
items:
type: string
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
nullable: false
cluster:
type: string
description: The cluster/proxy
example: xyzzy999
nullable: false
statusMap:
type: object
description: Custom mapping between the integration result and the provisioning result
example:
closed_cancelled: Failed
closed_complete: Committed
closed_incomplete: Failed
closed_rejected: Failed
in_process: Queued
requested: Queued
request:
type: object
description: Request data to customize desc and body of the created ticket
example:
description: 'SailPoint Access Request,'
req_description: 'The Service Request created by SailPoint ServiceNow Service Integration Module (SIM).,'
req_short_description: 'SailPoint New Access Request Created from IdentityNow,'
short_description: SailPoint Access Request $!plan.arguments.identityRequestId
beforeProvisioningRule:
description: Before provisioning rule of integration
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
required: true
responses:
'200':
description: details of the created integration
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
properties:
type:
description: The type of object being referenced
enum:
- SOURCE
example: SOURCE
id:
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
name:
description: Human-readable display name of the source
example: My Source
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:create'
/sp-config/export:
post:
operationId: exportSpConfig
security:
- UserContextAuth:
- 'sp:config:read'
- 'sp:config:manage'
tags:
- SP-Config
summary: Initiates configuration objects export job
description: |-
This post will export objects from the tenant to a JSON configuration file.
For more information about the object types that currently support export functionality, refer to [SaaS Configuration](https://developer.sailpoint.com/idn/docs/saas-configuration/#supported-objects).
requestBody:
description: Export options control what will be included in the export.
required: true
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
excludeTypes:
description: Object type names to be excluded from an sp-config export command.
type: array
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
includeTypes:
description: Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes.
type: array
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: TRIGGER_SUBSCRIPTION
objectOptions:
description: Additional options targeting specific objects related to each item in the includeTypes field
type: object
additionalProperties:
type: object
properties:
includedIds:
description: Object ids to be included in an import or export.
type: array
items:
type: string
example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
description: Object names to be included in an import or export.
type: array
items:
type: string
example: Test Object
example:
TRIGGER_SUBSCRIPTION:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
- Test 2
properties:
description:
type: string
description: Optional user defined description/name for export job.
example: Export Job 1 Test
examples:
Export all objects available:
description: Export all object types available in IDN.
value:
description: Export all available objects
excludeTypes: []
includeTypes:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
objectOptions: {}
Export sources by ID:
description: Export only sources that match the IDs specified in the export options.
value:
description: Export sources by ID
excludeTypes: []
includeTypes:
- SOURCE
objectOptions:
SOURCE:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
- be9p119e-90e1-49pk-ac9f-fa576e96c9e4
includedNames: []
Export transforms by name:
description: Export only transforms that match the names specified in the export options.
value:
description: Export transforms by name
excludeTypes: []
includeTypes:
- TRANSFORM
objectOptions:
TRANSFORM:
includedIds: []
includedNames:
- Remove Diacritical Marks
- Common - Location Lookup
Export trigger subscriptions triggers and transforms with custom options:
description: Export trigger subscriptions and transforms that match the export options.
value:
description: Export trigger subscriptions and transforms with custom filter options
excludeTypes: []
includeTypes:
- TRANSFORM
- TRIGGER_SUBSCRIPTION
objectOptions:
TRANSFORM:
includedIds: []
includedNames:
- Remove Diacritical Marks
- Common - Location Lookup
TRIGGER_SUBSCRIPTION:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
- be9p119e-90e1-49pk-ac9f-fa576e96c9e4
includedNames:
- 'NGROK Test: fire and forget'
- Manager Certification
responses:
'202':
description: Export job accepted and queued for processing.
content:
application/json:
schema:
allOf:
- type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, either export or import.'
enum:
- EXPORT
- IMPORT
example: IMPORT
expiration:
type: string
format: date-time
description: The time until which the artifacts will be available for download.
example: '2021-05-11T22:23:16Z'
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
required:
- jobId
- status
- type
- expiration
- created
- modified
- type: object
required:
- description
properties:
description:
type: string
description: Optional user defined description/name for export job.
example: ETS configuration objects from Acme-Solar sandbox
'400':
description: |
Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sp-config/export/{id}':
get:
operationId: getSpConfigExportStatus
security:
- UserContextAuth:
- 'sp:config:read'
- 'sp:config:manage'
tags:
- SP-Config
summary: Get export job status
description: |-
This gets the status of the export job identified by the `id` parameter.
The request will need one of the following security scopes:
- sp:config:read - sp:config:manage
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the export job whose status will be returned.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Export job status successfully returned.
content:
application/json:
schema:
allOf:
- allOf:
- type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, either export or import.'
enum:
- EXPORT
- IMPORT
example: IMPORT
expiration:
type: string
format: date-time
description: The time until which the artifacts will be available for download.
example: '2021-05-11T22:23:16Z'
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
required:
- jobId
- status
- type
- expiration
- created
- modified
- type: object
required:
- description
properties:
description:
type: string
description: Optional user defined description/name for export job.
example: ETS configuration objects from Acme-Solar sandbox
- type: object
required:
- completed
properties:
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
example:
jobId: 1e824aa0-4c6e-4f14-95e9-e7dc5234aa51
status: COMPLETE
type: EXPORT
message: null
description: Export Job 1 Test
expiration: '2021-05-20T15:04:24Z'
created: '2021-05-13T15:04:24.112Z'
modified: '2021-05-13T15:04:27.363Z'
completed: '2021-05-13T15:04:27.358Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sp-config/export/{id}/download':
get:
operationId: getSpConfigExport
tags:
- SP-Config
summary: Download export job result.
description: |-
This endpoint gets the export file resulting from the export job with the requested `id` and downloads it to a file.
The request will need one of the following security scopes:
- sp:config:read - sp:config:manage
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the export job whose results will be downloaded.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Exported JSON objects.
content:
application/json:
schema:
type: object
title: Config Export Response Body
description: Response model for config export download response.
properties:
version:
type: integer
description: Current version of the export results object.
example: 1
timestamp:
type: string
format: date-time
description: Time the export was completed.
example: '2021-05-11T22:23:16Z'
tenant:
type: string
description: Name of the tenant where this export originated.
example: sample-tenant
description:
type: string
description: Optional user defined description/name for export job.
example: Export Job 1 Test
options:
description: Options used to create this export.
type: object
properties:
excludeTypes:
description: Object type names to be excluded from an sp-config export command.
type: array
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
includeTypes:
description: Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes.
type: array
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: TRIGGER_SUBSCRIPTION
objectOptions:
description: Additional options targeting specific objects related to each item in the includeTypes field
type: object
additionalProperties:
type: object
properties:
includedIds:
description: Object ids to be included in an import or export.
type: array
items:
type: string
example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
description: Object names to be included in an import or export.
type: array
items:
type: string
example: Test Object
example:
TRIGGER_SUBSCRIPTION:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
- Test 2
objects:
type: array
items:
type: object
title: Config Object for Export and Import
description: Config export and import format for individual object configurations.
properties:
version:
type: integer
description: Current version of configuration object.
example: 1
self:
type: object
description: Self block for imported/exported object.
properties:
type:
type: string
description: 'Imported/exported object''s DTO type. Import is currently only possible with the IDENTITY_OBJECT_CONFIG, IDENTITY_PROFILE, RULE, SOURCE, TRANSFORM, and TRIGGER_SUBSCRIPTION object types.'
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
id:
type: string
description: Imported/exported object's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Imported/exported object's display name.
example: HR Active Directory
object:
description: Object details. Format dependant on the object type.
additionalProperties: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sp-config/import:
post:
operationId: importSpConfig
tags:
- SP-Config
summary: Initiates configuration objects import job
description: |-
This post will import objects from a JSON configuration file into a tenant. By default, every import will first export all existing objects supported by sp-config as a backup before the import is attempted. The backup is provided so that the state of the configuration prior to the import is available for inspection or restore if needed. The backup can be skipped by setting "excludeBackup" to true in the import options. If a backup is performed, the id of the backup will be provided in the ImportResult as the "exportJobId". This can be downloaded using the /sp-config/export/{exportJobId}/download endpoint.
You cannot currently import from the Non-Employee Lifecycle Management (NELM) source. You cannot use this endpoint to back up or store NELM data.
For more information about the object types that currently support import functionality, refer to [SaaS Configuration](https://developer.sailpoint.com/idn/docs/saas-configuration/#supported-objects).
The request will need the following security scope:
- sp:config:manage
parameters:
- in: query
name: preview
schema:
type: boolean
default: false
required: false
description: 'This option is intended to give the user information about how an import operation would proceed, without having any effect on the target tenant. If this parameter is "true", no objects will be imported. Instead, the import process will pre-process the import file and attempt to resolve references within imported objects. The import result file will contain messages pertaining to how specific references were resolved, any errors associated with the preprocessing, and messages indicating which objects would be imported.'
example: 'true'
requestBody:
description: "The form-data \"name\" attribute for the file content must be \"data\".\n\n__Example__\n\n data: \"config_export_0340b957-5caa-44f6-ada2-d3c4c5bd0b19.json\",\n options: {\n \"excludeTypes\": [],\n \"includeTypes\": [\"TRIGGER_SUBSCRIPTION\"],\n \"objectOptions\": {\n \"TRIGGER_SUBSCRIPTION\": {\n \"includedIds\": [ \"193446a1-c431-4326-8ba7-d6eebf922948\"],\n \"includedNames\":[]\n }\n },\n \"defaultReferences\": [\n {\n \"type\": \"TRIGGER_SUBSCRIPTION\",\n \"id\": \"be9e116d-08e1-49fc-ab7f-fa585e96c9e4\",\n \"name\": \"Test Trigger\"\n }\n ],\n \"excludeBackup\": false\n }\n\n__Sample Import File__\n\n {\n \t\"version\": 1,\n \t\"timestamp\": \"2021-05-10T15:19:23.425041-05:00\",\n \t\"tenant\": \"sampleTenant\",\n \t\"options\": {\n \t\t\"excludeTypes\": [],\n \t\t\"includeTypes\": [\"TRIGGER_SUBSCRIPTION\"],\n \t\t\"objectOptions\": null\n \t},\n \t\"objects\": [{\n \t\t\t\"version\": 1,\n \t\t\t\"self\": {\n \t\t\t\t\"type\": \"TRIGGER_SUBSCRIPTION\",\n \t\t\t\t\"name\": \"test trigger\",\n \t\t\t\t\"id\": \"193446a1-c431-4326-8ba7-d6eebf922948\"\n \t\t\t},\n \t\t\t\"object\": {\n \t\t\t\t\"type\": \"HTTP\",\n \t\t\t\t\"enabled\": true,\n \t\t\t\t\"httpConfig\": {\n \t\t\t\t\t\"url\": \"https://localhost\",\n \t\t\t\t\t\"httpAuthenticationType\": \"NO_AUTH\",\n \t\t\t\t\t\"basicAuthConfig\": null,\n \t\t\t\t\t\"bearerTokenAuthConfig\": null,\n \t\t\t\t\t\"httpDispatchMode\": \"SYNC\"\n \t\t\t\t},\n \t\t\t\t\"triggerName\": \"Access Request Submitted\",\n \t\t\t\t\"responseDeadline\": \"PT1H\",\n \t\t\t\t\"name\": \"test trigger\",\n \t\t\t\t\"triggerId\": \"idn:access-request-pre-approval\"\n \t\t\t}\n \t\t}\n \t]\n }\n"
required: true
content:
multipart/form-data:
schema:
type: object
properties:
data:
type: string
format: binary
description: JSON file containing the objects to be imported.
options:
type: object
properties:
excludeTypes:
description: Object type names to be excluded from an sp-config export command.
type: array
items:
type: string
enum:
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- RULE
- SOURCE
- TRANSFORM
- TRIGGER_SUBSCRIPTION
example: SOURCE
includeTypes:
description: Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes.
type: array
items:
type: string
enum:
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- RULE
- SOURCE
- TRANSFORM
- TRIGGER_SUBSCRIPTION
example: TRIGGER_SUBSCRIPTION
objectOptions:
description: Additional options targeting specific objects related to each item in the includeTypes field
type: object
additionalProperties:
type: object
properties:
includedIds:
description: Object ids to be included in an import or export.
type: array
items:
type: string
example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
description: Object names to be included in an import or export.
type: array
items:
type: string
example: Test Object
example:
TRIGGER_SUBSCRIPTION:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
- Test 2
defaultReferences:
description: List of object types that can be used to resolve references on import.
type: array
items:
type: string
enum:
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- RULE
- SOURCE
- TRANSFORM
- TRIGGER_SUBSCRIPTION
example: TRIGGER_SUBSCRIPTION
excludeBackup:
description: 'By default, every import will first export all existing objects supported by sp-config as a backup before the import is attempted. If excludeBackup is true, the backup will not be performed.'
type: boolean
default: false
example: 'false'
required:
- data
example:
data: config_export_0340b957-5caa-44f6-ada2-d3c4c5bd0b19.json
options:
excludeTypes: []
includeTypes:
- TRIGGER_SUBSCRIPTION
objectOptions:
TRIGGER_SUBSCRIPTION:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
- Lori Test 2
defaultReferences:
- type: TRIGGER_SUBSCRIPTION
id: be9e116d-08e1-49fc-ab7f-fa585e96c9e4
name: Test Trigger
excludeBackup: false
responses:
'202':
description: Import job accepted and queued for processing.
content:
application/json:
schema:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, either export or import.'
enum:
- EXPORT
- IMPORT
example: IMPORT
expiration:
type: string
format: date-time
description: The time until which the artifacts will be available for download.
example: '2021-05-11T22:23:16Z'
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
required:
- jobId
- status
- type
- expiration
- created
- modified
'400':
description: |
Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sp-config/import/{id}':
get:
operationId: getSpConfigImportStatus
security:
- UserContextAuth:
- 'sp:config:manage'
tags:
- SP-Config
summary: Get import job status
description: |-
This gets the status of the import job identified by the `id` parameter.
For more information about the object types that currently support import functionality, refer to [SaaS Configuration](https://developer.sailpoint.com/idn/docs/saas-configuration/#supported-objects).
The request will need the following security scope:
- sp:config:manage
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the import job whose status will be returned.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Import job status successfully returned.
content:
application/json:
schema:
allOf:
- type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, either export or import.'
enum:
- EXPORT
- IMPORT
example: IMPORT
expiration:
type: string
format: date-time
description: The time until which the artifacts will be available for download.
example: '2021-05-11T22:23:16Z'
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
required:
- jobId
- status
- type
- expiration
- created
- modified
- type: object
required:
- completed
- message
properties:
message:
type: string
description: This message contains additional information about the overall status of the job.
example: Download import results for details.
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
example:
jobId: 4fb10503-1c49-4603-8f8d-886e1f6aa47b
status: COMPLETE
type: IMPORT
message: Download import results for details.
description: null
expiration: '2021-05-20T16:42:39Z'
created: '2021-05-13T16:42:39.333Z'
modified: '2021-05-13T16:42:40.71Z'
completed: '2021-05-13T16:42:40.705Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sp-config/import/{id}/download':
get:
operationId: getSpConfigImport
tags:
- SP-Config
summary: Download import job result
description: |-
This gets import file resulting from the import job with the requested id and downloads it to a file. The downloaded file will contain the results of the import operation, including any error, warning or informational messages associated with the import.
The request will need the following security scope:
- sp:config:manage
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the import job whose results will be downloaded.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: 'Import results JSON object, containing detailed results of the import operation.'
content:
application/json:
schema:
type: object
title: Config Import Response Body
description: Response Body for Config Import command.
properties:
results:
type: object
additionalProperties:
type: object
title: Import Object Response Body
description: Response model for import of a single object.
properties:
infos:
description: Informational messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties:
type: object
example:
details: message details
required:
- key
- text
- details
warnings:
description: Warning messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties:
type: object
example:
details: message details
required:
- key
- text
- details
errors:
description: Error messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties:
type: object
example:
details: message details
required:
- key
- text
- details
importedObjects:
description: References to objects that were created or updated by the import.
type: array
items:
type: object
description: Object created or updated by import.
properties:
type:
type: string
description: DTO type of object created or updated by import.
enum:
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- RULE
- SOURCE
- TRANSFORM
- TRIGGER_SUBSCRIPTION
example: SOURCE
id:
type: string
description: ID of object created or updated by import.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Display name of object created or updated by import.
example: HR Active Directory
required:
- infos
- warnings
- errors
- importedObjects
description: The results of an object configuration import job.
example:
results:
TRIGGER_SUBSCRIPTION:
infos:
- key: IMPORT_PREVIEW
text: 'Object to be imported: [c953134c-2224-42f2-a84e-fa5cbb395904, Test 2]'
detail: null
- key: IMPORT_PREVIEW
text: 'Object to be imported: [be9e116d-08e1-49fc-ab7f-fa585e96c9e4, Test 1]'
detail: null
warnings: []
errors: []
importedObjects: []
exportJobId:
type: string
description: 'If a backup was performed before the import, this will contain the jobId of the backup job. This id can be used to retrieve the json file of the backup export.'
example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4
required:
- results
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sp-config/config-objects:
get:
operationId: listSpConfigObjects
security:
- UserContextAuth:
- 'sp:config:read'
- 'sp:config:manage'
tags:
- SP-Config
summary: Get config object details
description: This gets the list of object configurations which are known to the tenant export/import service. Object configurations that contain "importUrl" and "exportUrl" are available for export/import.
responses:
'200':
description: Object configurations returned successfully.
content:
application/json:
schema:
type: array
items:
title: Object Configuration Model
description: Response model for get object configuration.
type: object
properties:
objectType:
type: string
description: The object type this configuration is for.
example: TRIGGER_SUBSCRIPTION
resolveByIdUrl:
description: Url and query parameters to be used to resolve this type of object by Id.
type: object
title: Resolver URL Format for Object Configuration.
properties:
url:
description: URL for the target object endpoint.
type: string
example: 'ets://trigger-subscriptions/$id'
query:
description: Any query parameters that are needed for the URL.
type: object
nullable: true
example: null
resolveByNameUrl:
type: array
items:
type: object
title: Resolver URL Format for Object Configuration.
description: Format of resolver URLs for Object Configurations
properties:
url:
description: URL for the target object endpoint.
type: string
example: 'ets://trigger-subscriptions/$id'
query:
description: Any query parameters that are needed for the URL.
type: object
nullable: true
example: null
description: Url and query parameters to be used to resolve this type of object by name.
exportUrl:
type: object
title: Resolver URL Format for Object Configuration.
description: Format of resolver URLs for Object Configurations
properties:
url:
description: URL for the target object endpoint.
type: string
example: 'ets://trigger-subscriptions/$id'
query:
description: Any query parameters that are needed for the URL.
type: object
nullable: true
example: null
exportRight:
type: string
description: Rights needed by the invoker of sp-config/export in order to export this type of object.
example: 'idn:trigger-service-subscriptions:read'
exportLimit:
type: integer
format: int32
description: Pagination limit imposed by the target service for this object type.
example: 10
importUrl:
type: object
title: Resolver URL Format for Object Configuration.
description: Format of resolver URLs for Object Configurations
properties:
url:
description: URL for the target object endpoint.
type: string
example: 'ets://trigger-subscriptions/$id'
query:
description: Any query parameters that are needed for the URL.
type: object
nullable: true
example: null
importRight:
type: string
description: Rights needed by the invoker of sp-config/import in order to import this type of object.
example: 'idn:trigger-service-subscriptions:create'
importLimit:
type: integer
format: int32
description: Pagination limit imposed by the target service for this object type.
example: 10
referenceExtractors:
type: array
nullable: true
description: List of json paths within an exported object of this type that represent references that need to be resolved.
items:
type: string
example:
- $.owner
signatureRequired:
type: boolean
default: false
description: 'If true, this type of object will be JWS signed and cannot be modified before import.'
example: false
legacyObject:
type: boolean
default: false
example: false
onePerTenant:
type: boolean
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sources:
get:
operationId: listSources
security:
- UserContextAuth:
- 'idn:sources:read'
tags:
- Sources
summary: Lists all sources in IdentityNow.
description: |-
This end-point lists all the sources in IdentityNow.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or ROLE_SUBADMIN authority is required to call this API.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: name eq "Employees"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**name**: *co, eq, in, sw, ge, gt, ne, isnull*
**type**: *eq, in, ge, gt, ne, isnull, sw*
**owner.id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**features**: *ca, co*
**created**: *eq*
**modified**: *eq*
**managementWorkgroup.id**: *eq, ge, gt, in, le, lt, ne, isnull, sw*
**description**: *eq, sw*
**authoritative**: *eq, ne, isnull*
**healthy**: *isnull*
**status**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**connectionType**: *eq, ge, gt, in, le, lt, ne, isnull, sw*
**connectorName**: *eq, ge, gt, in, ne, isnull, sw*
**category**: *co, eq, ge, gt, in, le, lt, ne, sw*
- in: query
name: sorters
schema:
type: string
format: comma-separated
example: name
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status, id, description, owner.id, accountCorrelationConfig.id, accountCorrelationConfig.name, managerCorrelationRule.type, managerCorrelationRule.id, managerCorrelationRule.name, authoritative, managementWorkgroup.id, connectorName, connectionType**
- in: query
name: for-subadmin
schema:
type: string
example: name
description: |-
Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.
Subadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.
responses:
'200':
description: List of Source objects
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
description: Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity.
type: object
nullable: true
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: 2021-09-28T15:48:29.380Z
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createSource
security:
- UserContextAuth:
- 'idn:sources:manage'
tags:
- Sources
summary: Creates a source in IdentityNow.
description: |-
This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: query
name: provisionAsCsv
description: 'If this parameter is `true`, it configures the source as a Delimited File (CSV) source. Setting this to `true` will automatically set the `type` of the source to `DelimitedFile`. You must use this query parameter to create a Delimited File source as you would in the UI. If you don''t set this query parameter and you attempt to set the `type` attribute directly, the request won''t correctly generate the source. '
schema:
type: boolean
required: false
example: false
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
description: Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity.
type: object
nullable: true
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: 2021-09-28T15:48:29.380Z
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
responses:
'201':
description: 'Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
description: Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity.
type: object
nullable: true
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: 2021-09-28T15:48:29.380Z
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}':
get:
operationId: getSource
security:
- UserContextAuth:
- 'idn:sources:read'
tags:
- Sources
summary: Get Source by ID
description: |-
Use this API to get a source by a specified ID in Identity Security Cloud (ISC).
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Source object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
description: Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity.
type: object
nullable: true
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: 2021-09-28T15:48:29.380Z
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putSource
security:
- UserContextAuth:
- 'idn:sources:manage'
tags:
- Sources
summary: Update Source (Full)
description: |
Use this API to update a source in Identity Security Cloud (ISC), using a full object representation. This means that when you use this API, it completely replaces the existing source configuration.
These fields are immutable, so they cannot be changed:
* id
* type
* authoritative
* connector
* connectorClass
* passwordPolicies
Attempts to modify these fields will result in a 400 error.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
description: Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity.
type: object
nullable: true
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: 2021-09-28T15:48:29.380Z
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
responses:
'200':
description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text so that they aren''t decryptable in Identity Security Cloud (ISC) cloud-based services, per ISC security design.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
description: Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity.
type: object
nullable: true
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: 2021-09-28T15:48:29.380Z
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateSource
security:
- UserContextAuth:
- 'idn:sources:manage'
tags:
- Sources
summary: Update Source (Partial)
description: |
Use this API to partially update a source in Identity Security Cloud (ISC), using a list of patch operations according to the
[JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
These fields are immutable, so they cannot be changed:
* id
* type
* authoritative
* created
* modified
* connector
* connectorClass
* passwordPolicies
Attempts to modify these fields will result in a 400 error.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or API authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Any password changes are submitted as plain-text and encrypted upon receipt in Identity Security Cloud (ISC).'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Edit the source description:
description: This example shows how to edit a source description.
value:
- op: replace
path: /description
value: new description
Edit the source cluster:
description: This example shows how to edit a source cluster by ID.
value:
- op: replace
path: /cluster/id
value: 2c918087813a902001813f3f85736b45
Edit source features:
description: This example illustrates how you can update source supported features.
value:
- op: replace
path: /features
value:
- PASSWORD
- PROVISIONING
- ENABLE
- AUTHENTICATE
Change a source description and cluster in one call:
description: This example shows how multiple fields may be updated with a single PATCH call.
value:
- op: replace
path: /description
value: new description
- op: replace
path: /cluster/id
value: 2c918087813a902001813f3f85736b45
Add a filter string to the connector:
description: 'This example shows how you can add a filter to incoming accounts during the account aggregation process. In the example, any account that does not have an "m" or "d" in the ID will be aggregated.'
value:
- op: add
path: /connectorAttributes/filterString
value: '!( id.contains( "m" ) ) || !( id.contains( "d" ) )'
Update connector attribute for specific operation type:
description: This example shows how you can update the 3rd object in the connection parameter's `operationType`. This changes it from a standard group aggregation to a group aggregation on the "test" entitlement type.
value:
- op: replace
path: /connectorAttributes/connectionParameters/2/operationType
value: Group Aggregation-test
Enable notifications for new account provisioning on a source:
description: This example shows how you can configure and enable email notifications that will send when new accounts are provisioned on a source.
value:
- op: replace
path: /connectorAttributes/accountCreateNotification
value:
notifyList:
- Distribution.list@demo.com
notifyAccountOwner: true
enabled: true
notifyAccountOwnerAltEmail: false
responses:
'200':
description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text so that they are not decryptable in Identity Security Cloud cloud-based services, per ISC security design.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
description: Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity.
type: object
nullable: true
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: 2021-09-28T15:48:29.380Z
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
security:
- UserContextAuth:
- 'idn:sources:manage'
operationId: delete
tags:
- Sources
summary: Delete Source by ID
description: |-
Use this API to delete a specific source in Identity Security Cloud (ISC).
The API removes all the accounts on the source first, and then it deletes the source. You can retrieve the actual task execution status with this method: GET `/task-status/{id}`
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- TASK_RESULT
example: TASK_RESULT
id:
type: string
description: Task result ID.
example: 2c91808779ecf55b0179f720942f181a
name:
type: string
description: Task result's human-readable display name (this should be null/empty).
example: null
examples:
deleteSource:
summary: Response returned when a source is being deleted.
value:
type: TASK_RESULT
id: 2c91808779ecf55b0179f720942f181a
name: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/attribute-sync-config':
get:
operationId: getSourceAttrSyncConfig
tags:
- Sources
summary: Attribute Sync Config
description: |-
This API returns the existing attribute synchronization configuration for a source specified by the given ID. The response contains all attributes, regardless of whether they enabled or not.
A token with ORG_ADMIN or HELPDESK authority is required to call this API.
security:
- UserContextAuth:
- 'idn:attr-sync-source-config:read'
- 'idn:attr-sync-source-config:manage'
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Attribute synchronization configuration for a source
content:
application/json:
schema:
type: object
description: Specification of attribute sync configuration for a source
required:
- source
- attributes
properties:
source:
type: object
description: Target source for attribute synchronization.
properties:
type:
type: string
description: DTO type of target source for attribute synchronization.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of target source for attribute synchronization.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of target source for attribute synchronization.
example: HR Active Directory
attributes:
type: array
description: Attribute synchronization configuration for specific identity attributes in the context of a source
items:
type: object
description: Specification of source attribute sync mapping configuration for an identity attribute
required:
- name
- displayName
- enabled
- target
properties:
name:
type: string
description: Name of the identity attribute
example: email
displayName:
type: string
description: Display name of the identity attribute
example: Email
enabled:
type: boolean
description: Determines whether or not the attribute is enabled for synchronization
example: true
target:
type: string
description: Name of the source account attribute to which the identity attribute value will be synchronized if enabled
example: mail
example:
- name: email
displayName: Email
enabled: true
target: mail
- name: firstname
displayName: First Name
enabled: false
target: givenName
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putSourceAttrSyncConfig
tags:
- Sources
summary: Update Attribute Sync Config
description: |-
Replaces the attribute synchronization configuration for the source specified by the given ID with the configuration provided in the request body. Only the "enabled" field of the values in the "attributes" array is mutable. Attempting to change other attributes or add new values to the "attributes" array will result in an error.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:attr-sync-source-config:manage'
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Specification of attribute sync configuration for a source
required:
- source
- attributes
properties:
source:
type: object
description: Target source for attribute synchronization.
properties:
type:
type: string
description: DTO type of target source for attribute synchronization.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of target source for attribute synchronization.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of target source for attribute synchronization.
example: HR Active Directory
attributes:
type: array
description: Attribute synchronization configuration for specific identity attributes in the context of a source
items:
type: object
description: Specification of source attribute sync mapping configuration for an identity attribute
required:
- name
- displayName
- enabled
- target
properties:
name:
type: string
description: Name of the identity attribute
example: email
displayName:
type: string
description: Display name of the identity attribute
example: Email
enabled:
type: boolean
description: Determines whether or not the attribute is enabled for synchronization
example: true
target:
type: string
description: Name of the source account attribute to which the identity attribute value will be synchronized if enabled
example: mail
example:
- name: email
displayName: Email
enabled: true
target: mail
- name: firstname
displayName: First Name
enabled: false
target: givenName
responses:
'200':
description: Updated attribute synchronization configuration for a source
content:
application/json:
schema:
type: object
description: Specification of attribute sync configuration for a source
required:
- source
- attributes
properties:
source:
type: object
description: Target source for attribute synchronization.
properties:
type:
type: string
description: DTO type of target source for attribute synchronization.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of target source for attribute synchronization.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of target source for attribute synchronization.
example: HR Active Directory
attributes:
type: array
description: Attribute synchronization configuration for specific identity attributes in the context of a source
items:
type: object
description: Specification of source attribute sync mapping configuration for an identity attribute
required:
- name
- displayName
- enabled
- target
properties:
name:
type: string
description: Name of the identity attribute
example: email
displayName:
type: string
description: Display name of the identity attribute
example: Email
enabled:
type: boolean
description: Determines whether or not the attribute is enabled for synchronization
example: true
target:
type: string
description: Name of the source account attribute to which the identity attribute value will be synchronized if enabled
example: mail
example:
- name: email
displayName: Email
enabled: true
target: mail
- name: firstname
displayName: First Name
enabled: false
target: givenName
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/connector/check-connection':
post:
operationId: testSourceConnection
tags:
- Sources
summary: Check connection for source connector.
description: |-
This endpoint validates that the configured credentials are valid and will properly authenticate with the source identified by the sourceId path parameter.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:source-connector:manage'
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
description: The ID of the Source.
example: cef3ee201db947c5912551015ba0c679
responses:
'200':
description: The result of checking connection to the source connector with response from it.
content:
application/json:
schema:
type: object
title: Status Response
description: 'Response model for connection check, configuration test and ping of source connectors.'
properties:
id:
type: string
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Name of the source
example: 'ODS-AD-Test [source-999999]'
readOnly: true
status:
type: string
enum:
- SUCCESS
- FAILURE
description: The status of the health check.
example: SUCCESS
readOnly: true
elapsedMillis:
type: integer
description: The number of milliseconds spent on the entire request.
example: 1000
readOnly: true
details:
type: object
description: |
The document contains the results of the health check.
The schema of this document depends on the type of source used.
readOnly: true
example:
useTLSForIQService: false
IQService:
TLS Port: 0
.NET CLR Version: 4.0.30319.42000
SecondaryServiceStatus: Running
Port: 5050
Host: AUTOMATION-AD
Name: IQService
IQServiceStatus: Running
SecondaryService: IQService-Instance1-Secondary
Version: IQService Sep-2020
secondaryPort: 5051
OS Architecture: AMD64
Operating System: Microsoft Windows Server 2012 R2 Standard
highestDotNetVersion: 4.8 or later
Build Time: '09/22/2020 06:34 AM -0500'
IQServiceClientAuthEnabled: false
requestProcessedOn: '1/19/2021 1:47:14 PM'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/connector/peek-resource-objects':
post:
operationId: peekResourceObjects
tags:
- Sources
summary: Peek source connector's resource objects
description: |-
Retrieves a sample of data returned from account and group aggregation requests.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:source-connector:manage'
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
description: The ID of the Source
example: cef3ee201db947c5912551015ba0c679
requestBody:
required: true
content:
application/json:
schema:
example:
objectType: resource
maxCount: 50
type: object
title: Resource Objects Request
description: Request model for peek resource objects from source connectors.
properties:
objectType:
type: string
description: The type of resource objects to iterate over.
default: account
example: group
maxCount:
type: integer
description: The maximum number of resource objects to iterate over and return.
default: 25
example: 100
responses:
'200':
description: List of resource objects that was fetched from the source connector.
content:
application/json:
schema:
type: object
title: Resource Objects Response
description: Response model for peek resource objects from source connectors.
properties:
id:
type: string
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Name of the source
example: 'ODS-AD-Test [source-999999]'
readOnly: true
objectCount:
type: integer
description: The number of objects that were fetched by the connector.
example: 25
readOnly: true
elapsedMillis:
type: integer
description: The number of milliseconds spent on the entire request.
example: 1055
readOnly: true
resourceObjects:
type: array
items:
type: object
title: Resource Object
description: Representation of the object which is returned from source connectors.
properties:
instance:
description: Identifier of the specific instance where this object resides.
type: string
readOnly: true
identity:
description: Native identity of the object in the Source.
type: string
example: 'CN=Aaron Carr,OU=test1,DC=test2,DC=test'
readOnly: true
uuid:
description: Universal unique identifier of the object in the Source.
type: string
example: '{abf7bd9b-68b4-4d21-9b70-870c58ebf844}'
readOnly: true
previousIdentity:
description: Native identity that the object has previously.
type: string
readOnly: true
name:
description: Display name for this object.
type: string
example: Aaron Carr
readOnly: true
objectType:
description: Type of object.
type: string
example: account
readOnly: true
incomplete:
description: 'A flag indicating that this is an incomplete object. Used in special cases where the connector has to return account information in several phases and the objects might not have a complete set of all account attributes. The attributes in this object will replace the corresponding attributes in the Link, but no other Link attributes will be changed.'
type: boolean
example: false
readOnly: true
incremental:
description: A flag indicating that this is an incremental change object. This is similar to incomplete but it also means that the values of any multi-valued attributes in this object should be merged with the existing values in the Link rather than replacing the existing Link value.
type: boolean
example: false
readOnly: true
delete:
description: A flag indicating that this object has been deleted. This is set only when doing delta aggregation and the connector supports detection of native deletes.
type: boolean
example: false
readOnly: true
remove:
description: A flag set indicating that the values in the attributes represent things to remove rather than things to add. Setting this implies incremental. The values which are always for multi-valued attributes are removed from the current values.
type: boolean
example: false
readOnly: true
missing:
description: A list of attribute names that are not included in this object. This is only used with SMConnector and will only contain "groups".
type: array
items:
type: string
example:
- missFieldOne
- missFieldTwo
readOnly: true
attributes:
description: Attributes of this ResourceObject.
type: object
example:
telephoneNumber: 12-(345)678-9012
mail: example@test.com
displayName: Aaron Carr
readOnly: true
finalUpdate:
description: 'In Aggregation, for sparse object the count for total accounts scanned identities updated is not incremented.'
type: boolean
example: false
readOnly: true
description: Fetched objects from the source connector.
readOnly: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/connector/ping-cluster':
post:
operationId: pingCluster
tags:
- Sources
summary: Ping cluster for source connector
description: |-
This endpoint validates that the cluster being used by the source is reachable from IdentityNow.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:source-connector:manage'
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
description: The ID of the Source
example: cef3ee201db947c5912551015ba0c679
responses:
'200':
description: The result of pinging connection with the source connector.
content:
application/json:
schema:
type: object
title: Status Response
description: 'Response model for connection check, configuration test and ping of source connectors.'
properties:
id:
type: string
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Name of the source
example: 'ODS-AD-Test [source-999999]'
readOnly: true
status:
type: string
enum:
- SUCCESS
- FAILURE
description: The status of the health check.
example: SUCCESS
readOnly: true
elapsedMillis:
type: integer
description: The number of milliseconds spent on the entire request.
example: 1000
readOnly: true
details:
type: object
description: |
The document contains the results of the health check.
The schema of this document depends on the type of source used.
readOnly: true
example:
useTLSForIQService: false
IQService:
TLS Port: 0
.NET CLR Version: 4.0.30319.42000
SecondaryServiceStatus: Running
Port: 5050
Host: AUTOMATION-AD
Name: IQService
IQServiceStatus: Running
SecondaryService: IQService-Instance1-Secondary
Version: IQService Sep-2020
secondaryPort: 5051
OS Architecture: AMD64
Operating System: Microsoft Windows Server 2012 R2 Standard
highestDotNetVersion: 4.8 or later
Build Time: '09/22/2020 06:34 AM -0500'
IQServiceClientAuthEnabled: false
requestProcessedOn: '1/19/2021 1:47:14 PM'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/connector/test-configuration':
post:
operationId: testSourceConfiguration
tags:
- Sources
summary: Test configuration for source connector
description: |-
This endpoint performs a more detailed validation of the source's configuration that can take longer than the lighter weight credential validation performed by the checkConnection API.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:source-connector:manage'
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
description: The ID of the Source
example: cef3ee201db947c5912551015ba0c679
responses:
'200':
description: The result of testing source connector configuration with response from it.
content:
application/json:
schema:
type: object
title: Status Response
description: 'Response model for connection check, configuration test and ping of source connectors.'
properties:
id:
type: string
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Name of the source
example: 'ODS-AD-Test [source-999999]'
readOnly: true
status:
type: string
enum:
- SUCCESS
- FAILURE
description: The status of the health check.
example: SUCCESS
readOnly: true
elapsedMillis:
type: integer
description: The number of milliseconds spent on the entire request.
example: 1000
readOnly: true
details:
type: object
description: |
The document contains the results of the health check.
The schema of this document depends on the type of source used.
readOnly: true
example:
useTLSForIQService: false
IQService:
TLS Port: 0
.NET CLR Version: 4.0.30319.42000
SecondaryServiceStatus: Running
Port: 5050
Host: AUTOMATION-AD
Name: IQService
IQServiceStatus: Running
SecondaryService: IQService-Instance1-Secondary
Version: IQService Sep-2020
secondaryPort: 5051
OS Architecture: AMD64
Operating System: Microsoft Windows Server 2012 R2 Standard
highestDotNetVersion: 4.8 or later
Build Time: '09/22/2020 06:34 AM -0500'
IQServiceClientAuthEnabled: false
requestProcessedOn: '1/19/2021 1:47:14 PM'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/connectors/source-config':
get:
operationId: getSourceConfig
tags:
- Sources
summary: Gets source config with language translations
description: |-
Looks up and returns the source config for the requested source id after populating the source config values and applying language translations.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Source id
- in: query
name: locale
schema:
type: string
enum:
- de
- 'no'
- fi
- sv
- ru
- pt
- ko
- zh-TW
- en
- it
- fr
- zh-CN
- hu
- es
- cs
- ja
- pl
- da
- nl
description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"'
responses:
'200':
description: A Connector Detail object
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: The connector name
example: JDBC
sourceConfigXml:
type: string
description: XML representation of the source config data
example: ""
sourceConfig:
type: string
description: JSON representation of the source config data
example:
Form:
Field:
_defaultValue: 'true'
_hidden: 'true'
_name: cloudAuthEnabled
_type: boolean
_value: 'true'
_xmlns: 'http://www.sailpoint.com/xsd/sailpoint_form_1_0.xsd'
_connectorName: Active Directory - Direct
_directConnect: 'true'
_name: Active Directory
_status: released
_type: SourceConfig
__text: \n\t
directConnect:
type: boolean
description: true if the source is a direct connect source
example: true
fileUpload:
type: boolean
description: 'Connector config''s file upload attribute, false if not there'
example: false
uploadedFiles:
type: string
description: List of uploaded file strings for the connector
example: []
connectorMetadata:
type: object
description: Object containing metadata pertinent to the UI to be used
example:
supportedUI: EXTJS
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/native-change-detection-config':
get:
operationId: getNativeChangeDetectionConfig
tags:
- Sources
summary: Native Change Detection Configuration
security:
- UserContextAuth:
- 'idn:sources:read'
description: |-
This API returns the existing native change detection configuration for a source specified by the given ID.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Native change detection configuration for a source
content:
application/json:
schema:
type: object
description: Source configuration information for Native Change Detection that is read and used by account aggregation process.
properties:
enabled:
description: A flag indicating if Native Change Detection is enabled for a source.
type: boolean
example: true
default: false
operations:
type: array
description: Operation types for which Native Change Detection is enabled for a source.
items:
type: string
enum:
- ACCOUNT_UPDATED
- ACCOUNT_CREATED
- ACCOUNT_DELETED
example:
- ACCOUNT_UPDATED
- ACCOUNT_DELETED
allEntitlements:
description: A flag indicating that all entitlements participate in Native Change Detection.
type: boolean
example: false
default: false
allNonEntitlementAttributes:
description: A flag indicating that all non-entitlement account attributes participate in Native Change Detection.
type: boolean
example: false
default: false
selectedEntitlements:
description: If allEntitlements flag is off this field lists entitlements that participate in Native Change Detection.
type: array
items:
type: string
example:
- memberOf
- memberOfSharedMailbox
selectedNonEntitlementAttributes:
description: If allNonEntitlementAttributes flag is off this field lists non-entitlement account attributes that participate in Native Change Detection.
externalDocs:
description: Learn more about account attributes here.
url: 'https://documentation.sailpoint.com/saas/help/accounts/schema.html'
type: array
items:
type: string
example:
- lastName
- phoneNumber
- objectType
- servicePrincipalName
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putNativeChangeDetectionConfig
tags:
- Sources
summary: Update Native Change Detection Configuration
security:
- UserContextAuth:
- 'idn:sources:update'
description: |-
Replaces the native change detection configuration for the source specified by the given ID with the configuration provided in the request body.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Source configuration information for Native Change Detection that is read and used by account aggregation process.
properties:
enabled:
description: A flag indicating if Native Change Detection is enabled for a source.
type: boolean
example: true
default: false
operations:
type: array
description: Operation types for which Native Change Detection is enabled for a source.
items:
type: string
enum:
- ACCOUNT_UPDATED
- ACCOUNT_CREATED
- ACCOUNT_DELETED
example:
- ACCOUNT_UPDATED
- ACCOUNT_DELETED
allEntitlements:
description: A flag indicating that all entitlements participate in Native Change Detection.
type: boolean
example: false
default: false
allNonEntitlementAttributes:
description: A flag indicating that all non-entitlement account attributes participate in Native Change Detection.
type: boolean
example: false
default: false
selectedEntitlements:
description: If allEntitlements flag is off this field lists entitlements that participate in Native Change Detection.
type: array
items:
type: string
example:
- memberOf
- memberOfSharedMailbox
selectedNonEntitlementAttributes:
description: If allNonEntitlementAttributes flag is off this field lists non-entitlement account attributes that participate in Native Change Detection.
externalDocs:
description: Learn more about account attributes here.
url: 'https://documentation.sailpoint.com/saas/help/accounts/schema.html'
type: array
items:
type: string
example:
- lastName
- phoneNumber
- objectType
- servicePrincipalName
responses:
'200':
description: Updated native change detection configuration for a source
content:
application/json:
schema:
type: object
description: Source configuration information for Native Change Detection that is read and used by account aggregation process.
properties:
enabled:
description: A flag indicating if Native Change Detection is enabled for a source.
type: boolean
example: true
default: false
operations:
type: array
description: Operation types for which Native Change Detection is enabled for a source.
items:
type: string
enum:
- ACCOUNT_UPDATED
- ACCOUNT_CREATED
- ACCOUNT_DELETED
example:
- ACCOUNT_UPDATED
- ACCOUNT_DELETED
allEntitlements:
description: A flag indicating that all entitlements participate in Native Change Detection.
type: boolean
example: false
default: false
allNonEntitlementAttributes:
description: A flag indicating that all non-entitlement account attributes participate in Native Change Detection.
type: boolean
example: false
default: false
selectedEntitlements:
description: If allEntitlements flag is off this field lists entitlements that participate in Native Change Detection.
type: array
items:
type: string
example:
- memberOf
- memberOfSharedMailbox
selectedNonEntitlementAttributes:
description: If allNonEntitlementAttributes flag is off this field lists non-entitlement account attributes that participate in Native Change Detection.
externalDocs:
description: Learn more about account attributes here.
url: 'https://documentation.sailpoint.com/saas/help/accounts/schema.html'
type: array
items:
type: string
example:
- lastName
- phoneNumber
- objectType
- servicePrincipalName
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNativeChangeDetectionConfig
tags:
- Sources
summary: Delete Native Change Detection Configuration
description: |-
Deletes the native change detection configuration for the source specified by the given ID.
A token with API, or ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:sources:update'
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/provisioning-policies':
get:
operationId: listProvisioningPolicies
tags:
- Sources
summary: Lists ProvisioningPolicies
description: |-
This end-point lists all the ProvisioningPolicies in IdentityNow.
A token with API, or ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:read'
- 'idn:provisioning-policy:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: List of ProvisioningPolicyDto objects
content:
application/json:
schema:
type: array
items:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createProvisioningPolicy
tags:
- Sources
summary: Create Provisioning Policy
description: |-
This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types.
Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.
Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
examples:
Create Account Provisioning Policy:
value:
name: Account
description: Account Provisioning Policy
usageType: CREATE
fields:
- name: displayName
transform:
type: identityAttribute
attributes:
name: displayName
attributes: {}
isRequired: false
type: string
isMultiValued: false
- name: distinguishedName
transform:
type: usernameGenerator
attributes:
sourceCheck: true
patterns:
- 'CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
fn:
type: identityAttribute
attributes:
name: firstname
ln:
type: identityAttribute
attributes:
name: lastname
fi:
type: substring
attributes:
input:
type: identityAttribute
attributes:
name: firstname
begin: 0
end: 1
fti:
type: substring
attributes:
input:
type: identityAttribute
attributes:
name: firstname
begin: 0
end: 2
attributes:
cloudMaxUniqueChecks: '5'
cloudMaxSize: '100'
cloudRequired: 'true'
isRequired: false
type: ''
isMultiValued: false
- name: description
transform:
type: static
attributes:
value: ''
attributes: {}
isRequired: false
type: string
isMultiValued: false
responses:
'201':
description: Created ProvisioningPolicyDto object
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/provisioning-policies/{usageType}':
get:
operationId: getProvisioningPolicy
tags:
- Sources
summary: Get Provisioning Policy by UsageType
description: |-
This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:read'
- 'idn:provisioning-policy-source:read'
- 'idn:provisioning-policy:manage'
- 'idn:provisioning-policy-source-admin-operations:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
responses:
'200':
description: The requested ProvisioningPolicyDto was successfully retrieved.
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putProvisioningPolicy
tags:
- Sources
summary: Update Provisioning Policy by UsageType
description: |-
This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow.
Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.
Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:manage'
- 'idn:provisioning-policy-source-admin-operations:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
responses:
'200':
description: The ProvisioningPolicyDto was successfully replaced.
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateProvisioningPolicy
tags:
- Sources
summary: Partial update of Provisioning Policy
description: |-
This API selectively updates an existing Provisioning Policy using a JSONPatch payload.
Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.
Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:update'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
requestBody:
required: true
description: The JSONPatch payload used to update the schema.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
add-field:
summary: Add a field to the beginning of the list
value:
- op: add
path: /fields/0
value:
name: email
transform:
type: identityAttribute
attributes:
name: email
attributes: {}
isRequired: false
type: string
isMultiValued: false
responses:
'200':
description: The ProvisioningPolicyDto was successfully updated.
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteProvisioningPolicy
tags:
- Sources
summary: Delete Provisioning Policy by UsageType
description: |-
Deletes the provisioning policy with the specified usage on an application.
A token with API, or ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
responses:
'204':
description: The ProvisioningPolicyDto was successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/provisioning-policies/bulk-update':
post:
operationId: updateProvisioningPoliciesInBulk
tags:
- Sources
summary: Bulk Update Provisioning Policies
description: |-
This end-point updates a list of provisioning policies on the specified source in IdentityNow.
A token with API, or ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
responses:
'200':
description: A list of the ProvisioningPolicyDto was successfully replaced.
content:
application/json:
schema:
type: array
items:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/remove-accounts':
post:
operationId: deleteAccountsAsync
summary: Remove All Accounts in a Source
tags:
- Sources
description: |
Use this endpoint to remove all accounts from the system without provisioning changes to the source. Accounts that are removed could be re-created during the next aggregation.
This endpoint is good for:
* Removing accounts that no longer exist on the source.
* Removing accounts that won't be aggregated following updates to the source configuration.
* Forcing accounts to be re-created following the next aggregation to re-run account processing, support testing, etc.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The source id
example: ebbf35756e1140699ce52b233121384a
responses:
'202':
description: Accepted. Returns task result details of removal request.
content:
application/json:
schema:
type: object
description: Task result.
properties:
type:
type: string
description: Task result DTO type.
enum:
- TASK_RESULT
example: TASK_RESULT
id:
type: string
description: Task result ID.
example: 464ae7bf791e49fdb74606a2e4a89635
name:
type: string
description: Task result display name.
nullable: true
example: null
example:
type: TASK_RESULT
id: 464ae7bf791e49fdb74606a2e4a89635
name: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:account:remove'
'/sources/{sourceId}/schemas':
get:
operationId: getSourceSchemas
tags:
- Sources
summary: List Schemas on Source
description: Use this API to list the schemas that exist on the specified source in Identity Security Cloud (ISC).
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: query
name: include-types
required: false
schema:
type: string
enum:
- group
- user
description: 'If set to ''group'', then the account schema is filtered and only group schemas are returned. Only a value of ''group'' is recognized.'
example: group
responses:
'200':
description: The schemas were successfully retrieved.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
description: The underlying type of the value which an AttributeDefinition represents.
example: STRING
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: The sAMAccountName attribute
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createSourceSchema
tags:
- Sources
summary: Create Schema on Source
description: Use this API to create a new schema on the specified source in Identity Security Cloud (ISC).
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
description: The underlying type of the value which an AttributeDefinition represents.
example: STRING
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: The sAMAccountName attribute
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
responses:
'201':
description: The schema was successfully created on the specified source.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
description: The underlying type of the value which an AttributeDefinition represents.
example: STRING
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: The sAMAccountName attribute
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/schemas/{schemaId}':
get:
operationId: getSourceSchema
tags:
- Sources
summary: Get Source Schema by ID
description: |
Get the Source Schema by ID in IdentityNow.
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
description: The Schema ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: The requested Schema was successfully retrieved.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
description: The underlying type of the value which an AttributeDefinition represents.
example: STRING
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: The sAMAccountName attribute
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putSourceSchema
tags:
- Sources
summary: Update Source Schema (Full)
description: |-
This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below.
* id
* name
* created
* modified
Any attempt to modify these fields will result in an error response with a status code of 400.
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
description: The Schema ID.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
description: The underlying type of the value which an AttributeDefinition represents.
example: STRING
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: The sAMAccountName attribute
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
responses:
'200':
description: The Schema was successfully replaced.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
description: The underlying type of the value which an AttributeDefinition represents.
example: STRING
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: The sAMAccountName attribute
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateSourceSchema
tags:
- Sources
summary: Update Source Schema (Partial)
description: |
Use this API to selectively update an existing Schema using a JSONPatch payload.
The following schema fields are immutable and cannot be updated:
- id
- name
- created
- modified
To switch an account attribute to a group entitlement, you need to have the following in place:
- `isEntitlement: true`
- Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/beta/create-source-schema) before updating the `isGroup` flag. For example, here is the `group` account attribute referencing a schema that defines the group:
```json
{
"name": "groups",
"type": "STRING",
"schema": {
"type": "CONNECTOR_SCHEMA",
"id": "2c9180887671ff8c01767b4671fc7d60",
"name": "group"
},
"description": "The groups, roles etc. that reference account group objects",
"isMulti": true,
"isEntitlement": true,
"isGroup": true
}
```
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
description: The Schema id.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
description: The JSONPatch payload used to update the schema.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /displayAttribute
value:
new-display-attribute: null
responses:
'200':
description: The Schema was successfully updated.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
description: The underlying type of the value which an AttributeDefinition represents.
example: STRING
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: The sAMAccountName attribute
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSourceSchema
tags:
- Sources
summary: Delete Source Schema by ID
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
description: The Schema ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'204':
description: The Schema was successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/schemas/accounts':
get:
tags:
- Sources
summary: Downloads source accounts schema template
operationId: getSourceAccountsSchema
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
responses:
'200':
description: Successfully downloaded the file
content:
text/csv:
example: 'id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:source-schema:read'
- 'idn:source-schema:manage'
post:
tags:
- Sources
summary: Uploads source accounts schema template
description: This API uploads a source schema template file to configure a source's account attributes.
operationId: importSourceAccountsSchema
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Successfully uploaded the file
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
description: The underlying type of the value which an AttributeDefinition represents.
example: STRING
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: The sAMAccountName attribute
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:source-schema:manage'
'/sources/{id}/schemas/entitlements':
get:
tags:
- Sources
summary: Downloads source entitlements schema template
operationId: getSourceEntitlementsSchema
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: schemaName
schema:
type: string
description: Name of entitlement schema
example: '?schemaName=group'
responses:
'200':
description: Successfully downloaded the file
content:
text/csv:
example: 'id,name,displayName,created,description,modified,entitlements,groups,permissions'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:source-schema:read'
- 'idn:source-schema:manage'
post:
tags:
- Sources
summary: Uploads source entitlements schema template
description: This API uploads a source schema template file to configure a source's entitlement attributes.
operationId: importSourceEntitlementsSchema
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: schemaName
schema:
type: string
description: Name of entitlement schema
example: '?schemaName=group'
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Successfully uploaded the file
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
description: The underlying type of the value which an AttributeDefinition represents.
example: STRING
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: The sAMAccountName attribute
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:source-schema:manage'
'/sources/{sourceId}/upload-connector-file':
post:
operationId: importSourceConnectorFile
security:
- UserContextAuth:
- 'idn:sources-admin:manage'
tags:
- Sources
summary: Upload connector file to source
description: |-
This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Uploaded the file successfully and sent all post-upload events
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
description: Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity.
type: object
nullable: true
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: 2021-09-28T15:48:29.380Z
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/synchronize-attributes':
post:
operationId: syncAttributesForSource
tags:
- Sources
summary: Synchronize single source attributes.
description: |-
This end-point performs attribute synchronization for a selected source.
A token with ORG_ADMIN or SOURCE_ADMIN authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Source id
responses:
'202':
description: A Source Sync job
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Job ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
status:
type: string
description: The job status.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: IN_PROGRESS
payload:
description: Job payload.
example:
type: SYNCHRONIZE_SOURCE_ATTRIBUTES
dataJson: '{"sourceId":"2c918083746f642c01746f990884012a"}'
type: object
properties:
type:
type: string
description: Payload type.
example: SYNCHRONIZE_SOURCE_ATTRIBUTES
dataJson:
type: string
description: Payload type.
example: '{"sourceId":"2c918083746f642c01746f990884012a"}'
required:
- type
- dataJson
required:
- id
- status
- payload
example:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
status: IN_PROGRESS
payload:
type: SYNCHRONIZE_SOURCE_ATTRIBUTES
dataJson: '{"sourceId":"2c918083746f642c01746f990884012a"}'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/entitlement-request-config':
get:
security:
- UserContextAuth:
- 'idn:sources:read'
- 'idn:sources:manage'
operationId: getSourceEntitlementRequestConfig
summary: Get Source Entitlement Request Configuration
tags:
- Sources
description: |-
This API gets the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source.
Access request to any entitlements in the source should follow this configuration unless a separate entitlement-level configuration is defined.
- During access request, this source-level entitlement request configuration overrides the global organization-level configuration.
- However, the entitlement-level configuration (if defined) overrides this source-level configuration.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
responses:
'200':
description: Source Entitlement Request Configuration Details.
content:
application/json:
schema:
type: object
description: Entitlement Request Configuration
properties:
accessRequestConfig:
description: Configuration for requesting access to entitlements
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
examples:
Get default config:
description: The default config for a source should look like the following where the empty approvalSchemes indicates that no approvals are required.
value:
accessRequestConfig:
approvalSchemes: []
requestCommentRequired: false
denialCommentRequired: false
Get config with one approval:
description: 'In case of a single approval, the config could look like the following.'
value:
accessRequestConfig:
approvalSchemes:
- approverId: null
approverType: SOURCE_OWNER
requestCommentRequired: true
denialCommentRequired: false
Get config with multiple approvals:
description: 'In case of multiple levels of approvals the config could look like the following. In this scenario, access request review process should go through all the approvers sequentially.'
value:
accessRequestConfig:
approvalSchemes:
- approverId: null
approverType: ENTITLEMENT_OWNER
- approverId: null
approverType: SOURCE_OWNER
- approverId: 95e538a3-30c1-433a-af05-4bed973bbc22
approverType: GOVERNANCE_GROUP
requestCommentRequired: true
denialCommentRequired: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
security:
- UserContextAuth:
- 'idn:sources:manage'
operationId: updateSourceEntitlementRequestConfig
summary: Update Source Entitlement Request Configuration
tags:
- Sources
description: |-
This API replaces the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source.
Access request to any entitlements in the source should follow this configuration unless a separate entitlement-level configuration is defined.
- During access request, this source-level entitlement request configuration overrides the global organization-level configuration.
- However, the entitlement-level configuration (if defined) overrides this source-level configuration.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Entitlement Request Configuration
properties:
accessRequestConfig:
description: Configuration for requesting access to entitlements
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
examples:
Set config with no approvals:
description: 'If no approvals are required, the following config can be set.'
value:
accessRequestConfig:
approvalSchemes: []
Set config with one approval:
description: In case of single approval the following config can be set.
value:
accessRequestConfig:
approvalSchemes:
- approverType: SOURCE_OWNER
requestCommentRequired: true
denialCommentRequired: false
Set config with multiple approvals:
description: 'In case of multiple levels of approvals the following config can be set. In this scenario, access request review process should go through all the approvers sequentially.'
value:
accessRequestConfig:
approvalSchemes:
- approverType: ENTITLEMENT_OWNER
- approverType: SOURCE_OWNER
- approverType: GOVERNANCE_GROUP
approverId: 95e538a3-30c1-433a-af05-4bed973bbc22
requestCommentRequired: true
denialCommentRequired: false
responses:
'200':
description: Source Entitlement Request Configuration Details.
content:
application/json:
schema:
type: object
description: Entitlement Request Configuration
properties:
accessRequestConfig:
description: Configuration for requesting access to entitlements
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/load-accounts':
post:
tags:
- Sources
summary: Account Aggregation
operationId: importAccounts
description: |-
Starts an account aggregation on the specified source.
If the target source is a delimited file source, then the CSV file needs to be included in the request body.
You will also need to set the Content-Type header to `multipart/form-data`.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:sources:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Source Id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
description: The CSV file containing the source accounts to aggregate.
disableOptimization:
type: string
enum:
- 'true'
- 'false'
example: 'true'
description: Use this flag to reprocess every account whether or not the data has changed.
application/x-www-form-urlencoded:
schema:
type: object
description: 'This content type is provided for compatibility with services that don''t support multipart/form-data, such as SailPoint Workflows. This content type does not support files, so it can only be used for direct connect sources.'
properties:
disableOptimization:
type: string
enum:
- 'true'
- 'false'
example: 'true'
description: Use this flag to reprocess every account whether or not the data has changed.
responses:
'202':
description: Aggregate Accounts Task
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
description: The status of the result
default: 'true'
example: 'true'
task:
type: object
properties:
id:
description: System-generated unique ID of the task this taskStatus represents
type: string
example: ef38f94347e94562b5bb8424a56397d8
type:
description: Type of task this task represents
type: string
example: QUARTZ
name:
description: The name of the aggregation process
type: string
example: Cloud Account Aggregation
description:
description: The description of the task
type: string
example: Aggregate from the specified application
launcher:
description: The user who initiated the task
type: string
example: John Doe
created:
type: string
description: The Task creation date
format: date-time
example: '2020-09-07T42:14:00.364Z'
launched:
type: string
nullable: true
format: date-time
description: The task start date
example: '2020-09-07T42:14:00.521Z'
completed:
type: string
nullable: true
format: date-time
description: The task completion date
example: '2020-09-07T42:14:01.137Z'
completionStatus:
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
description: Task completion status.
example: Success
parentName:
type: string
nullable: true
description: Name of the parent task if exists.
example: Audit Report
messages:
type: array
description: List of the messages dedicated to the report. From task definition perspective here usually should be warnings or errors.
example: []
items:
type: object
properties:
type:
type: string
description: Type of the message.
enum:
- INFO
- WARN
- ERROR
example: WARN
error:
type: boolean
default: false
description: Flag whether message is an error.
example: false
warning:
type: boolean
default: false
description: Flag whether message is a warning.
example: true
key:
type: string
description: Message string identifier.
example: This aggregation failed because the currently running aggregation must complete before the next one can start.
localizedText:
type: string
description: Message context with the locale based language.
example: This aggregation failed because the currently running aggregation must complete before the next one can start.
progress:
type: string
nullable: true
description: Current task state.
example: Initializing...
attributes:
type: object
description: Extra attributes map(dictionary) for the task.
properties:
appId:
description: The id of the source
type: string
example: c31386cb18bb403cbb6df4c86294ff82
optimizedAggregation:
description: The indicator if the aggregation process was enabled/disabled for the aggregation job
type: string
example: enabled
additionalProperties:
type: object
returns:
type: array
description: Return values from the task
items:
type: object
properties:
displayLabel:
type: string
description: The display label of the return value
example: TASK_OUT_ACCOUNT_AGGREGATION_APPLICATIONS
attributeName:
type: string
description: The attribute name of the return value
example: applications
example:
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_APPLICATIONS
attributeName: applications
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_TOTAL
attributeName: total
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_OPTIMIZED
attributeName: optimizedAggregation
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_IGNORED
attributeName: ignored
- displayLabel: TASK_OUT_UNCHANGED_ACCOUNTS
attributeName: optimized
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_CREATED
attributeName: created
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_UPDATED
attributeName: updated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_DELETED
attributeName: deleted
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_MANAGER_CHANGES
attributeName: managerChanges
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_BUSINESS_ROLE_CHANGES
attributeName: detectedRoleChanges
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_EXCEPTION_CHANGES
attributeName: exceptionChanges
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_POLICIES
attributeName: policies
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_POLICY_VIOLATIONS
attributeName: policyViolations
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_POLICY_NOTIFICATIONS
attributeName: policyNotifications
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCORES_CHANGED
attributeName: scoresChanged
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SNAPSHOTS_CREATED
attributeName: snapshotsCreated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_CREATED
attributeName: scopesCreated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_CORRELATED
attributeName: scopesCorrelated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_SELECTED
attributeName: scopesSelected
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_DORMANT
attributeName: scopesDormant
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_UNSCOPED_IDENTITIES
attributeName: unscopedIdentities
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_CERTIFICATIONS_CREATED
attributeName: certificationsCreated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_CERTIFICATIONS_DELETED
attributeName: certificationsDeleted
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_APPLICATIONS_GENERATED
attributeName: applicationsGenerated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_MANAGED_ATTRIBUTES_PROMOTED
attributeName: managedAttributesCreated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_MANAGED_ATTRIBUTES_PROMOTED_BY_APP
attributeName: managedAttributesCreatedByApplication
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_IDENTITYENTITLEMENTS_CREATED
attributeName: identityEntitlementsCreated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_GROUPS_CREATED
attributeName: groupsCreated
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/load-entitlements':
post:
tags:
- Sources
summary: Entitlement Aggregation
operationId: importEntitlements
description: |-
Starts an entitlement aggregation on the specified source.
If the target source is a delimited file source, then the CSV file needs to be included in the request body.
You will also need to set the Content-Type header to `multipart/form-data`.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Source Id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
description: The CSV file containing the source entitlements to aggregate.
responses:
'202':
description: Aggregate Entitlements Task
content:
application/json:
schema:
type: object
properties:
id:
description: System-generated unique ID of the task this taskStatus represents
type: string
example: ef38f94347e94562b5bb8424a56397d8
type:
description: Type of task this task represents
type: string
example: QUARTZ
uniqueName:
description: The name of the task
type: string
example: Cloud Group Aggregation
description:
description: The description of the task
type: string
example: Aggregate from the specified application
launcher:
description: The user who initiated the task
type: string
example: John Doe
created:
description: The creation date of the task
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
returns:
description: Return values from the task
type: array
items:
type: object
properties:
displayLabel:
description: The display label for the return value
type: string
example: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_APPLICATIONS
attributeName:
description: The attribute name for the return value
type: string
example: applications
example:
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_APPLICATIONS
attributeName: applications
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_TOTAL
attributeName: total
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_CREATED
attributeName: groupsCreated
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_UPDATED
attributeName: groupsUpdated
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_DELETED
attributeName: groupsDeleted
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:entitlements:manage'
'/sources/{id}/load-uncorrelated-accounts':
post:
tags:
- Sources
summary: Process Uncorrelated Accounts
operationId: importUncorrelatedAccounts
description: File is required for upload. You will also need to set the Content-Type header to `multipart/form-data`
security:
- UserContextAuth:
- 'idn:sources:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Source Id
example: 75dbec1ebe154d5785da27b95e1dd5d7
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'202':
description: Uncorrelated Accounts Task
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
description: The status of the result
default: 'true'
example: 'true'
task:
type: object
properties:
id:
description: System-generated unique ID of the task this taskStatus represents
type: string
example: 90b83a6bb737489494794f84cd3a51e6
type:
description: Type of task this task represents
type: string
example: QUARTZ
name:
description: The name of uncorrelated accounts process
type: string
example: Cloud Process Uncorrelated Accounts
description:
description: The description of the task
type: string
example: Processes uncorrelated accounts for the specified application.
launcher:
description: The user who initiated the task
type: string
example: John Doe
created:
type: string
description: The Task creation date
format: date-time
example: '2020-09-07T42:14:00.364Z'
launched:
type: string
nullable: true
format: date-time
description: The task start date
example: '2020-09-07T42:14:00.521Z'
completed:
type: string
nullable: true
format: date-time
description: The task completion date
example: '2020-09-07T42:14:01.137Z'
completionStatus:
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
description: Task completion status.
example: Success
parentName:
type: string
nullable: true
description: Name of the parent task if exists.
example: Audit Report
messages:
type: array
description: List of the messages dedicated to the report. From task definition perspective here usually should be warnings or errors.
example: []
items:
type: object
properties:
type:
type: string
description: Type of the message.
enum:
- INFO
- WARN
- ERROR
example: WARN
error:
type: boolean
default: false
description: Flag whether message is an error.
example: false
warning:
type: boolean
default: false
description: Flag whether message is a warning.
example: true
key:
type: string
description: Message string identifier.
example: This correlation failed because the currently running correlation must complete before the next one can start.
localizedText:
type: string
description: Message context with the locale based language.
example: This correlation failed because the currently running correlation must complete before the next one can start.
progress:
type: string
nullable: true
description: Current task state.
example: Initializing...
attributes:
type: object
description: Extra attributes map(dictionary) for the task.
properties:
qpocJobId:
description: The id of qpoc job
type: string
example: 5d303d46-fc51-48cd-9c6d-4e211e3ab63c
taskStartDelay:
description: the task start delay value
example: ''
returns:
description: Return values from the task
type: object
example:
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_APPLICATIONS
attributeName: applications
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_TOTAL
attributeName: total
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_IGNORED
attributeName: correlationFailures
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_FAILURES
attributeName: ignored
- displayLabel: TASK_OUT_UNCHANGED_ACCOUNTS
attributeName: optimized
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION__CREATED
attributeName: created
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_UPDATED
attributeName: updated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_DELETED
attributeName: deleted
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_MANAGER_CHANGES
attributeName: managerChanges
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_BUSINESS_ROLE_CHANGES
attributeName: detectedRoleChanges
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_EXCEPTION_CHANGES
attributeName: exceptionChanges
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_POLICIES
attributeName: policies
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_POLICY_VIOLATIONS
attributeName: policyViolations
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_POLICY_NOTIFICATIONS
attributeName: policyNotifications
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCORES_CHANGED
attributeName: scoresChanged
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SNAPSHOTS_CREATED
attributeName: snapshotsCreated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_CREATED
attributeName: scopesCreated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_CORRELATED
attributeName: scopesCorrelated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_SELECTED
attributeName: scopesSelected
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_DORMANT
attributeName: scopesDormant
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_UNSCOPED_IDENTITIES
attributeName: unscopedIdentities
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_CERTIFICATIONS_CREATED
attributeName: certificationsCreated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_CERTIFICATIONS_DELETED
attributeName: certificationsDeleted
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_APPLICATIONS_GENERATED
attributeName: applicationsGenerated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_MANAGED_ATTRIBUTES_PROMOTED
attributeName: managedAttributesCreated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_MANAGED_ATTRIBUTES_PROMOTED_BY_APP
attributeName: managedAttributesCreatedByApplication
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_IDENTITYENTITLEMENTS_CREATED
attributeName: identityEntitlementsCreated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_GROUPS_CREATED
attributeName: groupsCreated
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/correlation-config':
get:
operationId: getCorrelationConfig
tags:
- Sources
summary: Get Source Correlation Configuration
security:
- UserContextAuth:
- 'idn:sources:read'
description: |-
This API returns the existing correlation configuration for a source specified by the given ID.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Correlation configuration for a source
content:
application/json:
schema:
type: object
description: Source configuration information that is used by correlation process.
properties:
id:
type: string
description: The ID of the correlation configuration.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the correlation configuration.
example: 'Source [source] Account Correlation'
attributeAssignments:
type: array
description: The list of attribute assignments of the correlation configuration.
items:
type: object
description: The attribute assignment of the correlation configuration.
properties:
property:
type: string
description: The property of the attribute assignment.
example: first_name
value:
type: string
description: The value of the attribute assignment.
example: firstName
operation:
type: string
description: The operation of the attribute assignment.
enum:
- EQ
example: EQ
complex:
type: boolean
description: Whether or not the it's a complex attribute assignment.
default: false
example: false
ignoreCase:
type: boolean
description: Whether or not the attribute assignment should ignore case.
default: false
example: false
matchMode:
type: string
description: The match mode of the attribute assignment.
enum:
- ANYWHERE
- START
- END
example: ANYWHERE
filterString:
type: string
description: The filter string of the attribute assignment.
example: first_name == "John"
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putCorrelationConfig
tags:
- Sources
summary: Update Source Correlation Configuration
security:
- UserContextAuth:
- 'idn:sources:update'
description: |-
Replaces the correlation configuration for the source specified by the given ID with the configuration provided in the request body.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Source configuration information that is used by correlation process.
properties:
id:
type: string
description: The ID of the correlation configuration.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the correlation configuration.
example: 'Source [source] Account Correlation'
attributeAssignments:
type: array
description: The list of attribute assignments of the correlation configuration.
items:
type: object
description: The attribute assignment of the correlation configuration.
properties:
property:
type: string
description: The property of the attribute assignment.
example: first_name
value:
type: string
description: The value of the attribute assignment.
example: firstName
operation:
type: string
description: The operation of the attribute assignment.
enum:
- EQ
example: EQ
complex:
type: boolean
description: Whether or not the it's a complex attribute assignment.
default: false
example: false
ignoreCase:
type: boolean
description: Whether or not the attribute assignment should ignore case.
default: false
example: false
matchMode:
type: string
description: The match mode of the attribute assignment.
enum:
- ANYWHERE
- START
- END
example: ANYWHERE
filterString:
type: string
description: The filter string of the attribute assignment.
example: first_name == "John"
responses:
'200':
description: Updated correlation configuration for a source
content:
application/json:
schema:
type: object
description: Source configuration information that is used by correlation process.
properties:
id:
type: string
description: The ID of the correlation configuration.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the correlation configuration.
example: 'Source [source] Account Correlation'
attributeAssignments:
type: array
description: The list of attribute assignments of the correlation configuration.
items:
type: object
description: The attribute assignment of the correlation configuration.
properties:
property:
type: string
description: The property of the attribute assignment.
example: first_name
value:
type: string
description: The value of the attribute assignment.
example: firstName
operation:
type: string
description: The operation of the attribute assignment.
enum:
- EQ
example: EQ
complex:
type: boolean
description: Whether or not the it's a complex attribute assignment.
default: false
example: false
ignoreCase:
type: boolean
description: Whether or not the attribute assignment should ignore case.
default: false
example: false
matchMode:
type: string
description: The match mode of the attribute assignment.
enum:
- ANYWHERE
- START
- END
example: ANYWHERE
filterString:
type: string
description: The filter string of the attribute assignment.
example: first_name == "John"
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/task-status/{id}':
get:
tags:
- Task Management
summary: Get task status by ID.
description: Get a TaskStatus for a task by task ID.
operationId: getTaskStatus
parameters:
- name: id
in: path
description: Task ID.
required: true
example: 00eebcf881994e419d72e757fd30dc0e
style: simple
explode: false
schema:
type: string
responses:
'200':
description: Responds with a TaskStatus for the task with the given task ID.
content:
application/json:
schema:
description: Details and current status of a specific task
required:
- id
- type
- uniqueName
- description
- parentName
- attributes
- created
- modified
- launched
- launcher
- completed
- completionStatus
- messages
- progress
- percentComplete
- returns
type: object
properties:
id:
description: System-generated unique ID of the task this TaskStatus represents
type: string
example: id12345
type:
description: Type of task this TaskStatus represents
type: string
enum:
- QUARTZ
- QPOC
- QUEUED_TASK
example: QUARTZ
uniqueName:
description: Name of the task this TaskStatus represents
type: string
example: Big Task
description:
description: Description of the task this TaskStatus represents
type: string
example: A Really Big Task
parentName:
description: Name of the parent of the task this TaskStatus represents
nullable: true
type: string
example: Parent Task
launcher:
description: Service to execute the task this TaskStatus represents
type: string
example: sweep
target:
type: object
nullable: true
properties:
id:
description: Target ID
type: string
example: c6dc37bf508149b28ce5b7d90ca4bbf9
type:
description: Target type
type: string
nullable: true
enum:
- APPLICATION
- IDENTITY
- null
example: APPLICATION
name:
description: Target name
type: string
example: 'Active Directory [source]'
created:
description: Creation date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
modified:
description: Last modification date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
launched:
description: Launch date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completed:
description: Completion date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completionStatus:
description: Completion status of the task this TaskStatus represents
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMPERROR
- null
example: SUCCESS
messages:
description: Messages associated with the task this TaskStatus represents
type: array
items:
description: TaskStatus Message
required:
- key
- localizedText
- type
- parameters
type: object
properties:
type:
description: Type of the message
type: string
enum:
- INFO
- WARN
- ERROR
example: INFO
localizedText:
description: Localized form of the message
type: object
nullable: true
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
key:
description: Key of the message
type: string
example: akey
parameters:
description: Message parameters for internationalization
nullable: true
type: array
items:
type: object
example:
- name: value
returns:
description: Return values from the task this TaskStatus represents
type: array
items:
description: Task return details
required:
- name
- attributeName
type: object
properties:
name:
description: Display name of the TaskReturnDetails
type: string
example: label
attributeName:
description: Attribute the TaskReturnDetails is for
type: string
example: identityCount
attributes:
description: Attributes of the task this TaskStatus represents
type: object
additionalProperties: true
example:
identityCount: 0
progress:
description: Current progress of the task this TaskStatus represents
nullable: true
type: string
example: Started
percentComplete:
description: Current percentage completion of the task this TaskStatus represents
type: integer
example: 100
taskDefinitionSummary:
description: 'Definition of a type of task, used to invoke tasks'
required:
- arguments
- description
- executor
- id
- uniqueName
- parentName
type: object
properties:
id:
description: System-generated unique ID of the TaskDefinition
type: string
example: 2c91808475b4334b0175e1dff64b63c5
uniqueName:
description: Name of the TaskDefinition
type: string
example: Cloud Account Aggregation
description:
description: Description of the TaskDefinition
type: string
example: Aggregates from the specified application.
parentName:
description: Name of the parent of the TaskDefinition
type: string
example: Cloud Account Aggregation
executor:
description: Executor of the TaskDefinition
nullable: true
type: string
example: sailpoint.task.ServiceTaskExecutor
arguments:
description: 'Formal parameters of the TaskDefinition, without values'
type: object
additionalProperties: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden, generally due to a lack of security rights'
'404':
description: TaskStatus with the given id was not found.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:task-management:read'
patch:
operationId: updateTaskStatus
tags:
- Task Management
summary: Update task status by ID
description: Update a current task status by task ID. Use this API to clear a pending task by updating the completionStatus and completed attributes.
parameters:
- name: id
in: path
description: Task ID.
example: 00eebcf881994e419d72e757fd30dc0e
required: true
style: simple
explode: false
schema:
type: string
requestBody:
required: true
description: The JSONPatch payload used to update the object.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /completionStatus
value: Error
- op: replace
path: /completed
value: 2024-05-17T19:33:16.470Z
responses:
'200':
description: 'This response indicates the PATCH operation succeeded, and the API returns the updated task object.'
content:
application/json:
schema:
description: Details and current status of a specific task
required:
- id
- type
- uniqueName
- description
- parentName
- attributes
- created
- modified
- launched
- launcher
- completed
- completionStatus
- messages
- progress
- percentComplete
- returns
type: object
properties:
id:
description: System-generated unique ID of the task this TaskStatus represents
type: string
example: id12345
type:
description: Type of task this TaskStatus represents
type: string
enum:
- QUARTZ
- QPOC
- QUEUED_TASK
example: QUARTZ
uniqueName:
description: Name of the task this TaskStatus represents
type: string
example: Big Task
description:
description: Description of the task this TaskStatus represents
type: string
example: A Really Big Task
parentName:
description: Name of the parent of the task this TaskStatus represents
nullable: true
type: string
example: Parent Task
launcher:
description: Service to execute the task this TaskStatus represents
type: string
example: sweep
target:
type: object
nullable: true
properties:
id:
description: Target ID
type: string
example: c6dc37bf508149b28ce5b7d90ca4bbf9
type:
description: Target type
type: string
nullable: true
enum:
- APPLICATION
- IDENTITY
- null
example: APPLICATION
name:
description: Target name
type: string
example: 'Active Directory [source]'
created:
description: Creation date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
modified:
description: Last modification date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
launched:
description: Launch date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completed:
description: Completion date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completionStatus:
description: Completion status of the task this TaskStatus represents
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMPERROR
- null
example: SUCCESS
messages:
description: Messages associated with the task this TaskStatus represents
type: array
items:
description: TaskStatus Message
required:
- key
- localizedText
- type
- parameters
type: object
properties:
type:
description: Type of the message
type: string
enum:
- INFO
- WARN
- ERROR
example: INFO
localizedText:
description: Localized form of the message
type: object
nullable: true
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
key:
description: Key of the message
type: string
example: akey
parameters:
description: Message parameters for internationalization
nullable: true
type: array
items:
type: object
example:
- name: value
returns:
description: Return values from the task this TaskStatus represents
type: array
items:
description: Task return details
required:
- name
- attributeName
type: object
properties:
name:
description: Display name of the TaskReturnDetails
type: string
example: label
attributeName:
description: Attribute the TaskReturnDetails is for
type: string
example: identityCount
attributes:
description: Attributes of the task this TaskStatus represents
type: object
additionalProperties: true
example:
identityCount: 0
progress:
description: Current progress of the task this TaskStatus represents
nullable: true
type: string
example: Started
percentComplete:
description: Current percentage completion of the task this TaskStatus represents
type: integer
example: 100
taskDefinitionSummary:
description: 'Definition of a type of task, used to invoke tasks'
required:
- arguments
- description
- executor
- id
- uniqueName
- parentName
type: object
properties:
id:
description: System-generated unique ID of the TaskDefinition
type: string
example: 2c91808475b4334b0175e1dff64b63c5
uniqueName:
description: Name of the TaskDefinition
type: string
example: Cloud Account Aggregation
description:
description: Description of the TaskDefinition
type: string
example: Aggregates from the specified application.
parentName:
description: Name of the parent of the TaskDefinition
type: string
example: Cloud Account Aggregation
executor:
description: Executor of the TaskDefinition
nullable: true
type: string
example: sailpoint.task.ServiceTaskExecutor
arguments:
description: 'Formal parameters of the TaskDefinition, without values'
type: object
additionalProperties: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:task-management:write'
/task-status:
get:
tags:
- Task Management
summary: Retrieve a task status list.
description: |
Use this endpoint to get a list of **completed** tasks. To get a list of tasks **in-progress**, please use the [get pending tasks](https://developer.sailpoint.com/docs/api/beta/get-pending-tasks) endpoint.
operationId: getTaskStatusList
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: completionStatus eq "Success"
required: false
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**sourceId**: *eq, in*
**completionStatus**: *eq, in*
**type**: *eq, in*
- in: query
name: sorters
schema:
type: string
format: comma-separated
example: '-created'
required: false
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created**
responses:
'200':
description: Responds with a TaskStatus for the task with the given task ID.
content:
application/json:
schema:
type: array
items:
description: Details and current status of a specific task
required:
- id
- type
- uniqueName
- description
- parentName
- attributes
- created
- modified
- launched
- launcher
- completed
- completionStatus
- messages
- progress
- percentComplete
- returns
type: object
properties:
id:
description: System-generated unique ID of the task this TaskStatus represents
type: string
example: id12345
type:
description: Type of task this TaskStatus represents
type: string
enum:
- QUARTZ
- QPOC
- QUEUED_TASK
example: QUARTZ
uniqueName:
description: Name of the task this TaskStatus represents
type: string
example: Big Task
description:
description: Description of the task this TaskStatus represents
type: string
example: A Really Big Task
parentName:
description: Name of the parent of the task this TaskStatus represents
nullable: true
type: string
example: Parent Task
launcher:
description: Service to execute the task this TaskStatus represents
type: string
example: sweep
target:
type: object
nullable: true
properties:
id:
description: Target ID
type: string
example: c6dc37bf508149b28ce5b7d90ca4bbf9
type:
description: Target type
type: string
nullable: true
enum:
- APPLICATION
- IDENTITY
- null
example: APPLICATION
name:
description: Target name
type: string
example: 'Active Directory [source]'
created:
description: Creation date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
modified:
description: Last modification date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
launched:
description: Launch date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completed:
description: Completion date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completionStatus:
description: Completion status of the task this TaskStatus represents
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMPERROR
- null
example: SUCCESS
messages:
description: Messages associated with the task this TaskStatus represents
type: array
items:
description: TaskStatus Message
required:
- key
- localizedText
- type
- parameters
type: object
properties:
type:
description: Type of the message
type: string
enum:
- INFO
- WARN
- ERROR
example: INFO
localizedText:
description: Localized form of the message
type: object
nullable: true
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
key:
description: Key of the message
type: string
example: akey
parameters:
description: Message parameters for internationalization
nullable: true
type: array
items:
type: object
example:
- name: value
returns:
description: Return values from the task this TaskStatus represents
type: array
items:
description: Task return details
required:
- name
- attributeName
type: object
properties:
name:
description: Display name of the TaskReturnDetails
type: string
example: label
attributeName:
description: Attribute the TaskReturnDetails is for
type: string
example: identityCount
attributes:
description: Attributes of the task this TaskStatus represents
type: object
additionalProperties: true
example:
identityCount: 0
progress:
description: Current progress of the task this TaskStatus represents
nullable: true
type: string
example: Started
percentComplete:
description: Current percentage completion of the task this TaskStatus represents
type: integer
example: 100
taskDefinitionSummary:
description: 'Definition of a type of task, used to invoke tasks'
required:
- arguments
- description
- executor
- id
- uniqueName
- parentName
type: object
properties:
id:
description: System-generated unique ID of the TaskDefinition
type: string
example: 2c91808475b4334b0175e1dff64b63c5
uniqueName:
description: Name of the TaskDefinition
type: string
example: Cloud Account Aggregation
description:
description: Description of the TaskDefinition
type: string
example: Aggregates from the specified application.
parentName:
description: Name of the parent of the TaskDefinition
type: string
example: Cloud Account Aggregation
executor:
description: Executor of the TaskDefinition
nullable: true
type: string
example: sailpoint.task.ServiceTaskExecutor
arguments:
description: 'Formal parameters of the TaskDefinition, without values'
type: object
additionalProperties: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:task-management:read'
/task-status/pending-tasks:
get:
tags:
- Task Management
summary: Retrieve a pending task list.
description: Retrieve a list of TaskStatus for pending tasks.
operationId: getPendingTasks
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: Responds with a list of TaskStatus for pending tasks.
content:
application/json:
schema:
type: array
items:
description: Details and current status of a specific task
required:
- id
- type
- uniqueName
- description
- parentName
- attributes
- created
- modified
- launched
- launcher
- completed
- completionStatus
- messages
- progress
- percentComplete
- returns
type: object
properties:
id:
description: System-generated unique ID of the task this TaskStatus represents
type: string
example: id12345
type:
description: Type of task this TaskStatus represents
type: string
enum:
- QUARTZ
- QPOC
- QUEUED_TASK
example: QUARTZ
uniqueName:
description: Name of the task this TaskStatus represents
type: string
example: Big Task
description:
description: Description of the task this TaskStatus represents
type: string
example: A Really Big Task
parentName:
description: Name of the parent of the task this TaskStatus represents
nullable: true
type: string
example: Parent Task
launcher:
description: Service to execute the task this TaskStatus represents
type: string
example: sweep
target:
type: object
nullable: true
properties:
id:
description: Target ID
type: string
example: c6dc37bf508149b28ce5b7d90ca4bbf9
type:
description: Target type
type: string
nullable: true
enum:
- APPLICATION
- IDENTITY
- null
example: APPLICATION
name:
description: Target name
type: string
example: 'Active Directory [source]'
created:
description: Creation date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
modified:
description: Last modification date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
launched:
description: Launch date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completed:
description: Completion date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completionStatus:
description: Completion status of the task this TaskStatus represents
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMPERROR
- null
example: SUCCESS
messages:
description: Messages associated with the task this TaskStatus represents
type: array
items:
description: TaskStatus Message
required:
- key
- localizedText
- type
- parameters
type: object
properties:
type:
description: Type of the message
type: string
enum:
- INFO
- WARN
- ERROR
example: INFO
localizedText:
description: Localized form of the message
type: object
nullable: true
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
key:
description: Key of the message
type: string
example: akey
parameters:
description: Message parameters for internationalization
nullable: true
type: array
items:
type: object
example:
- name: value
returns:
description: Return values from the task this TaskStatus represents
type: array
items:
description: Task return details
required:
- name
- attributeName
type: object
properties:
name:
description: Display name of the TaskReturnDetails
type: string
example: label
attributeName:
description: Attribute the TaskReturnDetails is for
type: string
example: identityCount
attributes:
description: Attributes of the task this TaskStatus represents
type: object
additionalProperties: true
example:
identityCount: 0
progress:
description: Current progress of the task this TaskStatus represents
nullable: true
type: string
example: Started
percentComplete:
description: Current percentage completion of the task this TaskStatus represents
type: integer
example: 100
taskDefinitionSummary:
description: 'Definition of a type of task, used to invoke tasks'
required:
- arguments
- description
- executor
- id
- uniqueName
- parentName
type: object
properties:
id:
description: System-generated unique ID of the TaskDefinition
type: string
example: 2c91808475b4334b0175e1dff64b63c5
uniqueName:
description: Name of the TaskDefinition
type: string
example: Cloud Account Aggregation
description:
description: Description of the TaskDefinition
type: string
example: Aggregates from the specified application.
parentName:
description: Name of the parent of the TaskDefinition
type: string
example: Cloud Account Aggregation
executor:
description: Executor of the TaskDefinition
nullable: true
type: string
example: sailpoint.task.ServiceTaskExecutor
arguments:
description: 'Formal parameters of the TaskDefinition, without values'
type: object
additionalProperties: true
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
security:
- UserContextAuth:
- 'idn:task-management:read'
head:
tags:
- Task Management
summary: Retrieve headers only for pending task list.
description: Retrieve headers for a list of TaskStatus for pending tasks.
operationId: getPendingTaskHeaders
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: Responds with headers for List of TaskStatus for pending tasks.
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
security:
- UserContextAuth:
- 'idn:task-management:read'
/tagged-objects:
get:
operationId: listTaggedObjects
security:
- UserContextAuth:
- 'idn:tag:read'
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: List Tagged Objects
description: |-
This API returns a list of all tagged objects.
Any authenticated token may be used to call this API.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**objectRef.id**: *eq, in*
**objectRef.type**: *eq, in*
**tagName**: *eq, in*
example: tagName eq "BU_FINANCE"
required: false
responses:
'200':
description: List of all tagged objects.
content:
application/json:
schema:
type: array
items:
type: object
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
nullable: true
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: setTagToObject
security:
- UserContextAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Add Tag to Object
description: |-
This adds a tag to an object.
Any authenticated token may be used to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
nullable: true
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
responses:
'201':
description: Created.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/tagged-objects/{type}':
get:
operationId: listTaggedObjectsByType
security:
- UserContextAuth:
- 'idn:tag:read'
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: List Tagged Objects by Type
description: |-
This API returns a list of all tagged objects by type.
Any authenticated token may be used to call this API.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of tagged object to retrieve.
example: ROLE
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**objectRef.id**: *eq*
**objectRef.type**: *eq*
example: objectRef.id eq "2c91808568c529c60168cca6f90c1313"
required: false
responses:
'200':
description: List of all tagged objects for specified type.
content:
application/json:
schema:
type: array
items:
type: object
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
nullable: true
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/tagged-objects/{type}/{id}':
get:
operationId: getTaggedObject
security:
- UserContextAuth:
- 'idn:tag:read'
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Get Tagged Object
description: This gets a tagged object for the specified type.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of tagged object to retrieve.
example: ROLE
- in: path
name: id
schema:
type: string
required: true
description: The ID of the object reference to retrieve.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Tagged object by type and ID.
content:
application/json:
schema:
type: object
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
nullable: true
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putTaggedObject
security:
- UserContextAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Update Tagged Object
description: This updates a tagged object for the specified type.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of tagged object to update.
example: ROLE
- in: path
name: id
schema:
type: string
required: true
description: The ID of the object reference to update.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
nullable: true
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
responses:
'200':
description: Tagged object by type and ID.
content:
application/json:
schema:
type: object
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
nullable: true
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteTaggedObject
security:
- UserContextAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Delete Tagged Object
description: This deletes a tagged object for the specified type.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of tagged object to delete.
example: ROLE
- in: path
name: id
schema:
type: string
required: true
description: The ID of the object reference to delete.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/tagged-objects/bulk-add:
post:
operationId: setTagsToManyObjects
security:
- UserContextAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Tag Multiple Objects
description: |-
This API adds tags to multiple objects.
A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
requestBody:
required: true
description: 'Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE.'
content:
application/json:
schema:
type: object
properties:
objectRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Label to be applied to object.
example:
- BU_FINANCE
- PCI
operation:
type: string
enum:
- APPEND
- MERGE
default: APPEND
description: |-
If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.
If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.
example: MERGE
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
properties:
objectRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Label to be applied to object.
example:
- BU_FINANCE
- PCI
operation:
type: string
enum:
- APPEND
- MERGE
default: APPEND
description: |-
If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.
If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.
example: MERGE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/tagged-objects/bulk-remove:
post:
operationId: deleteTagsToManyObject
security:
- UserContextAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Remove Tags from Multiple Objects
description: |-
This API removes tags from multiple objects.
A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
requestBody:
description: 'Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE.'
required: true
content:
application/json:
schema:
type: object
properties:
objectRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Label to be applied to object.
example:
- BU_FINANCE
- PCI
operation:
type: string
enum:
- APPEND
- MERGE
default: APPEND
description: |-
If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.
If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.
example: MERGE
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/tenant:
get:
operationId: getTenant
tags:
- Tenant
summary: Get Tenant Information.
description: This rest endpoint can be used to retrieve tenant details.
security:
- UserContextAuth:
- 'sp:tenant:read'
responses:
'200':
description: Tenant Info
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: The unique identifier for the Tenant
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Abbreviated name of the Tenant
example: acme
fullName:
type: string
description: Human-readable name of the Tenant
example: 'Acme, Inc'
pod:
type: string
description: Deployment pod for the Tenant
example: example-pod
region:
type: string
description: Deployment region for the Tenant
example: us-east-1
description:
type: string
description: Description of the Tenant
example: Description of the Tenant
products:
type: array
items:
type: object
properties:
productName:
type: string
description: Name of the Product
example: idn
url:
type: string
description: URL of the Product
example: 'https://tenant-name.identitynow.com'
productTenantId:
type: string
description: An identifier for a specific product-tenant combination
example: tenant#product
productRegion:
type: string
description: Product region
example: us-east-1
productRight:
type: string
description: Right needed for the Product
example: 'idn:ui:view'
apiUrl:
nullable: true
type: string
description: API URL of the Product
example: 'https://tenant-name.api.identitynow.com'
licenses:
type: array
items:
type: object
properties:
licenseId:
type: string
description: Name of the license
example: 'idn:access-request'
legacyFeatureName:
type: string
description: Legacy name of the license
example: ACCESS_REQUEST
attributes:
type: object
additionalProperties: true
description: Additional attributes for a product
example:
domain: 'https://tenant-name.identitynow.com'
maxRegisteredUsers: 250
zone:
type: string
description: Zone
example: Deployment zone for the Product
status:
type: string
description: Status of the product
example: active
statusDateTime:
type: string
format: date-time
description: Status datetime
example: '2020-05-19T13:49:37.385Z'
reason:
type: string
description: If there's a tenant provisioning failure then reason will have the description of error
example: Reason
notes:
type: string
description: Product could have additional notes added during tenant provisioning.
example: Example notes
dateCreated:
nullable: true
type: string
format: date-time
description: Date when the product was created
example: '2020-05-19T13:49:37.385Z'
lastUpdated:
nullable: true
type: string
format: date-time
description: Date when the product was last updated
example: '2020-05-19T13:49:37.385Z'
orgType:
nullable: true
type: string
enum:
- development
- staging
- production
- test
- partner
- training
- demonstration
- sandbox
- null
description: Type of org
example: test
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/transforms:
get:
tags:
- Transforms
summary: List transforms
description: |-
Gets a list of all saved transform objects.
A token with transforms-list read authority is required to call this API.
operationId: listTransforms
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: name
in: query
description: Name of the transform to retrieve from the list.
required: false
style: form
schema:
type: string
example: ExampleTransformName123
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**internal**: *eq*
**name**: *eq, sw*
required: false
style: form
explode: true
example: name eq "Uppercase"
schema:
type: string
responses:
'200':
description: A list of transforms matching the given criteria.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
nullable: true
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
example:
- id: 2cd78adghjkja34jh2b1hkjhasuecd
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
internal: false
- id: 2lkas8dhj4bkuakja77giih7l4ashh
name: PrefixSubstring
type: substring
attributes:
begin: 0
end: 3
internal: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:transform:read'
- 'idn:transform:manage'
post:
tags:
- Transforms
summary: Create transform
description: 'Creates a new transform object immediately. By default, the internal flag is set to false to indicate that this is a custom transform. Only SailPoint employees have the ability to create a transform with internal set to true. Newly created Transforms can be used in the Identity Profile mappings within the UI. A token with transform write authority is required to call this API.'
operationId: createTransform
requestBody:
required: true
description: The transform to be created.
content:
application/json:
schema:
type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
nullable: true
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
example:
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
responses:
'201':
description: Indicates the transform was successfully created and returns its representation.
content:
application/json:
schema:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
nullable: true
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:transform:manage'
'/transforms/{id}':
get:
tags:
- Transforms
summary: Transform by ID
description: |-
This API returns the transform specified by the given ID.
A token with transform read authority is required to call this API.
operationId: getTransform
parameters:
- name: id
in: path
description: ID of the transform to retrieve
required: true
style: simple
explode: false
example: 2cd78adghjkja34jh2b1hkjhasuecd
schema:
type: string
responses:
'200':
description: Transform with the given ID
content:
application/json:
schema:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
nullable: true
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:transform:read'
- 'idn:transform:manage'
put:
tags:
- Transforms
summary: Update a transform
description: |-
Replaces the transform specified by the given ID with the transform provided in the request body. Only the "attributes" field is mutable. Attempting to change other properties (ex. "name" and "type") will result in an error.
A token with transform write authority is required to call this API.
operationId: updateTransform
parameters:
- name: id
in: path
description: ID of the transform to update
required: true
style: simple
explode: false
schema:
type: string
example: 2cd78adghjkja34jh2b1hkjhasuecd
requestBody:
description: 'The updated transform object. Must include "name", "type", and "attributes" fields, but "name" and "type" must not be modified.'
content:
application/json:
schema:
type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
nullable: true
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
example:
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
responses:
'200':
description: Indicates the transform was successfully updated and returns its new representation.
content:
application/json:
schema:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
nullable: true
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
example:
id: 2cd78adghjkja34jh2b1hkjhasuecd
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
internal: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:transform:manage'
delete:
tags:
- Transforms
summary: Delete a transform
description: |-
Deletes the transform specified by the given ID. Attempting to delete a transform that is used in one or more Identity Profile mappings will result in an error. If this occurs, you must first remove the transform from all mappings before deleting the transform.
A token with transform delete authority is required to call this API.
operationId: deleteTransform
parameters:
- name: id
in: path
description: ID of the transform to delete
required: true
style: simple
explode: false
schema:
type: string
example: 2cd78adghjkja34jh2b1hkjhasuecd
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:transform:manage'
'/translation-catalogs/{catalog-id}':
get:
operationId: getMessageCatalogs
summary: Get Message catalogs
tags:
- IAI Message Catalogs
description: The getMessageCatalogs API returns message catalog based on the language headers in the requested object.
parameters:
- in: path
name: catalog-id
schema:
type: string
enum:
- recommender
- access-request-recommender
required: true
description: The ID of the message catalog.
example: recommender
responses:
'200':
description: The message catalogs based on the request headers
content:
application/json:
schema:
type: array
items:
type: object
properties:
locale:
type: string
description: The language in which the messages are returned
example: en_US
messages:
type: array
items:
type: object
properties:
key:
type: string
description: The key of the message
example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_LOW
format:
type: string
description: The format of the message
example: '{0,,\"i18n hint: percentage\"}% of identities with the same {1,,\"i18n hint: name of category feature\"} have this access. This information had a low impact on the overall score.'
description: The list of message with their keys and formats
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth: []
/triggers:
get:
operationId: listTriggers
tags:
- Triggers
summary: List Triggers
description: Gets a list of triggers that are available in the tenant.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, ge, le*
example: 'id eq "idn:access-request-post-approval"'
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name**
example: name
responses:
'200':
description: List of triggers.
content:
application/json:
schema:
type: array
items:
type: object
required:
- id
- name
- type
- inputSchema
- exampleInput
properties:
id:
type: string
description: Unique identifier of the trigger.
example: 'idn:access-request-dynamic-approver'
name:
type: string
description: Trigger Name.
example: Access Request Dynamic Approver
type:
example: REQUEST_RESPONSE
type: string
description: The type of trigger.
enum:
- REQUEST_RESPONSE
- FIRE_AND_FORGET
description:
type: string
description: Trigger Description.
example: Trigger for getting a dynamic approver.
inputSchema:
type: string
description: The JSON schema of the payload that will be sent by the trigger to the subscribed service.
example: '{"definitions":{"record:AccessRequestDynamicApproverInput":{"type":"object","required":["accessRequestId","requestedFor","requestedItems","requestedBy"],"additionalProperties":true,"properties":{"accessRequestId":{"type":"string"},"requestedFor":{"$ref":"#/definitions/record:requestedForIdentityRef"},"requestedItems":{"type":"array","items":{"$ref":"#/definitions/record:requestedObjectRef"}},"requestedBy":{"$ref":"#/definitions/record:requestedByIdentityRef"}}},"record:requestedForIdentityRef":{"type":"object","required":["id","name","type"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}}},"record:requestedObjectRef":{"type":"object","optional":["description","comment"],"required":["id","name","type","operation"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"oneOf":[{"type":"null"},{"type":"string"}]},"type":{"type":"string"},"operation":{"type":"string"},"comment":{"oneOf":[{"type":"null"},{"type":"string"}]}}},"record:requestedByIdentityRef":{"type":"object","required":["type","id","name"],"additionalProperties":true,"properties":{"type":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"}}}},"$ref":"#/definitions/record:AccessRequestDynamicApproverInput"}'
exampleInput:
description: An example of the JSON payload that will be sent by the trigger to the subscribed service.
oneOf:
- title: Access Request Dynamic Approver
type: object
required:
- accessRequestId
- requestedFor
- requestedItems
- requestedBy
properties:
accessRequestId:
type: string
description: |
The unique ID of the access request object. Can be used with the [access request status endpoint](https://developer.sailpoint.com/idn/api/beta/list-access-request-status) to get the status of the request.
example: 4b4d982dddff4267ab12f0f1e72b5a6d
requestedFor:
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
requestedItems:
description: The access items that are being requested.
type: array
items:
type: object
required:
- id
- name
- type
- operation
properties:
id:
type: string
description: The unique ID of the access item.
example: 2c91808b6ef1d43e016efba0ce470904
name:
type: string
description: Human friendly name of the access item.
example: Engineering Access
description:
nullable: true
type: string
description: Extended description of the access item.
example: Engineering Access
type:
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of access item being requested.
example: ACCESS_PROFILE
operation:
enum:
- Add
- Remove
description: Grant or revoke the access item
example: Add
comment:
nullable: true
type: string
description: A comment from the requestor on why the access is needed.
example: William needs this access for his day to day job activities.
minItems: 1
maxItems: 25
requestedBy:
allOf:
- type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
- title: Access Request Post Approval
type: object
required:
- accessRequestId
- requestedFor
- requestedItemsStatus
- requestedBy
properties:
accessRequestId:
type: string
description: The unique ID of the access request.
example: 2c91808b6ef1d43e016efba0ce470904
requestedFor:
required:
- id
- type
- name
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
requestedItemsStatus:
description: Details on the outcome of each access item.
type: array
items:
type: object
required:
- id
- name
- type
- operation
- approvalInfo
properties:
id:
type: string
description: The unique ID of the access item being requested.
example: 2c91808b6ef1d43e016efba0ce470904
name:
type: string
description: The human friendly name of the access item.
example: Engineering Access
description:
nullable: true
type: string
description: Detailed description of the access item.
example: Access to engineering database
type:
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of access item.
example: ACCESS_PROFILE
operation:
enum:
- Add
- Remove
description: The action to perform on the access item.
example: Add
comment:
nullable: true
type: string
description: A comment from the identity requesting the access.
example: William needs this access to do his job.
clientMetadata:
description: Additional customer defined metadata about the access item.
nullable: true
type: object
additionalProperties: true
example:
applicationName: My application
approvalInfo:
description: A list of one or more approvers for the access request.
type: array
items:
type: object
required:
- approvalDecision
- approverName
- approver
properties:
approvalComment:
nullable: true
type: string
description: A comment left by the approver.
example: This access looks good. Approved.
approvalDecision:
enum:
- APPROVED
- DENIED
description: The final decision of the approver.
example: APPROVED
approverName:
type: string
description: The name of the approver
example: Stephen.Austin
approver:
required:
- id
- type
- name
allOf:
- type: object
description: Identity who approved the access item request.
properties:
type:
type: string
description: DTO type of identity who approved the access item request.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who approved the access item request.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Human-readable display name of identity who approved the access item request.
example: Allen Albertson
description: The identity of the approver.
properties:
type:
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
requestedBy:
required:
- id
- type
- name
allOf:
- type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
- title: Access Request Pre Approval
type: object
required:
- accessRequestId
- requestedFor
- requestedItems
- requestedBy
properties:
accessRequestId:
type: string
description: The unique ID of the access request.
example: 2c91808b6ef1d43e016efba0ce470904
requestedFor:
required:
- id
- type
- name
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
requestedItems:
description: Details of the access items being requested.
type: array
items:
type: object
required:
- id
- name
- type
- operation
properties:
id:
type: string
description: The unique ID of the access item being requested.
example: 2c91808b6ef1d43e016efba0ce470904
name:
type: string
description: The human friendly name of the access item.
example: Engineering Access
description:
nullable: true
type: string
description: Detailed description of the access item.
example: Access to engineering database
type:
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of access item.
example: ACCESS_PROFILE
operation:
enum:
- Add
- Remove
description: The action to perform on the access item.
example: Add
comment:
nullable: true
type: string
description: A comment from the identity requesting the access.
example: William needs this access to do his job.
minItems: 1
maxItems: 25
requestedBy:
required:
- id
- type
- name
allOf:
- type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
- title: Account Aggregation Completed
type: object
required:
- source
- status
- started
- completed
- errors
- warnings
- stats
properties:
source:
required:
- type
- name
- id
type: object
description: The source the accounts are being aggregated from.
properties:
type:
type: string
description: The DTO type of the source the accounts are being aggregated from.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: The ID of the source the accounts are being aggregated from.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Display name of the source the accounts are being aggregated from.
example: HR Active Directory
status:
description: The overall status of the aggregation.
enum:
- Success
- Failed
- Terminated
example: Success
started:
type: string
format: date-time
description: The date and time when the account aggregation started.
example: '2020-06-29T22:01:50.474Z'
completed:
type: string
format: date-time
description: The date and time when the account aggregation finished.
example: '2020-06-29T22:02:04.090Z'
errors:
nullable: true
description: A list of errors that occurred during the aggregation.
type: array
items:
type: string
description: A descriptive error message.
example: Accounts unable to be aggregated.
warnings:
nullable: true
description: A list of warnings that occurred during the aggregation.
type: array
items:
type: string
description: A descriptive warning message.
example: Account Skipped
stats:
type: object
description: Overall statistics about the account aggregation.
required:
- scanned
- unchanged
- changed
- added
- removed
properties:
scanned:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: The number of accounts which were scanned / iterated over.
example: 200
unchanged:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: 'The number of accounts which existed before, but had no changes.'
example: 190
changed:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: 'The number of accounts which existed before, but had changes.'
example: 6
added:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: The number of accounts which are new - have not existed before.
example: 4
removed:
type: integer
minimum: 0
maximum: 2147483647
format: int32
description: 'The number accounts which existed before, but no longer exist (thus getting removed).'
example: 3
- title: Account Attributes Changed
type: object
required:
- identity
- source
- account
- changes
properties:
identity:
required:
- id
- type
- name
type: object
description: The identity whose account attributes were updated.
properties:
type:
type: string
description: DTO type of the identity whose account attributes were updated.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity whose account attributes were updated.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of the identity whose account attributes were updated.
example: Michael Michaels
source:
required:
- id
- type
- name
type: object
description: The source that contains the account.
properties:
id:
description: ID of the object to which this reference applies
type: string
example: 4e4d982dddff4267ab12f0f1e72b5a6d
type:
type: string
enum:
- SOURCE
example: SOURCE
description: The type of object that is referenced
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Corporate Active Directory
account:
type: object
description: Details of the account where the attributes changed.
required:
- id
- uuid
- name
- nativeIdentity
- type
properties:
id:
type: string
description: SailPoint generated unique identifier.
example: 52170a74-ca89-11ea-87d0-0242ac130003
uuid:
nullable: true
type: string
description: The source's unique identifier for the account. UUID is generated by the source system.
example: 1cb1f07d-3e5a-4431-becd-234fa4306108
name:
type: string
description: Name of the account.
example: john.doe
nativeIdentity:
type: string
description: Unique ID of the account on the source.
example: 'cn=john.doe,ou=users,dc=acme,dc=com'
type:
enum:
- ACCOUNT
description: The type of the account
example: ACCOUNT
changes:
type: array
description: A list of attributes that changed.
items:
type: object
required:
- attribute
- oldValue
- newValue
properties:
attribute:
type: string
description: The name of the attribute.
example: sn
oldValue:
description: The previous value of the attribute.
nullable: true
oneOf:
- type: string
- type: boolean
- type: array
items:
nullable: true
type: string
example: doe
newValue:
description: The new value of the attribute.
nullable: true
oneOf:
- type: string
- type: boolean
- type: array
items:
nullable: true
type: string
example: ryans
- title: Account Correlated
type: object
required:
- identity
- source
- account
- attributes
properties:
identity:
required:
- type
- name
- id
type: object
description: Identity the account is correlated with.
properties:
type:
type: string
description: DTO type of the identity the account is correlated with.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity the account is correlated with.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of the identity the account is correlated with.
example: Michael Michaels
source:
required:
- id
- type
- name
type: object
description: The source the accounts are being correlated from.
properties:
type:
type: string
description: The DTO type of the source the accounts are being correlated from.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: The ID of the source the accounts are being correlated from.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Display name of the source the accounts are being correlated from.
example: HR Active Directory
account:
type: object
description: The correlated account.
required:
- id
- name
- nativeIdentity
- type
properties:
type:
type: string
description: The correlated account's DTO type.
enum:
- ACCOUNT
example: ACCOUNT
id:
type: string
description: The correlated account's ID.
example: 98da47c31df444558c211f9b205184f6
name:
type: string
description: The correlated account's display name.
example: Brian Mendoza
nativeIdentity:
type: string
description: Unique ID of the account on the source.
example: 'cn=john.doe,ou=users,dc=acme,dc=com'
uuid:
nullable: true
type: string
description: The source's unique identifier for the account. UUID is generated by the source system.
example: 1cb1f07d-3e5a-4431-becd-234fa4306108
attributes:
type: object
description: The attributes associated with the account. Attributes are unique per source.
additionalProperties: true
example:
sn: doe
givenName: john
memberOf:
- 'cn=g1,ou=groups,dc=acme,dc=com'
- 'cn=g2,ou=groups,dc=acme,dc=com'
- 'cn=g3,ou=groups,dc=acme,dc=com'
entitlementCount:
type: integer
format: int32
description: The number of entitlements associated with this account.
example: 0
- title: Accounts Collected for Aggregation
type: object
required:
- source
- status
- started
- completed
- errors
- warnings
- stats
properties:
source:
required:
- id
- type
- name
type: object
description: Reference to the source that has been aggregated.
properties:
id:
description: ID of the object to which this reference applies
type: string
example: 4e4d982dddff4267ab12f0f1e72b5a6d
type:
type: string
enum:
- SOURCE
example: SOURCE
description: The type of object that is referenced
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Corporate Active Directory
status:
description: The overall status of the collection.
enum:
- Success
- Failed
- Terminated
example: Success
started:
type: string
format: date-time
description: The date and time when the account collection started.
example: '2020-06-29T22:01:50.474Z'
completed:
type: string
format: date-time
description: The date and time when the account collection finished.
example: '2020-06-29T22:02:04.090Z'
errors:
nullable: true
description: A list of errors that occurred during the collection.
type: array
items:
type: string
description: A descriptive error message.
example: Unable to collect accounts for aggregation.
warnings:
nullable: true
description: A list of warnings that occurred during the collection.
type: array
items:
type: string
description: A descriptive warning message.
example: Account Skipped
stats:
type: object
description: Overall statistics about the account collection.
required:
- scanned
- unchanged
- changed
- added
- removed
properties:
scanned:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: The number of accounts which were scanned / iterated over.
example: 200
unchanged:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: 'The number of accounts which existed before, but had no changes.'
example: 190
changed:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: 'The number of accounts which existed before, but had changes.'
example: 6
added:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: The number of accounts which are new - have not existed before.
example: 4
removed:
type: integer
minimum: 0
maximum: 2147483647
format: int32
description: 'The number accounts which existed before, but no longer exist (thus getting removed).'
example: 3
- title: Account Uncorrelated
type: object
required:
- identity
- source
- account
properties:
identity:
required:
- type
- name
- id
type: object
description: Identity the account is uncorrelated with.
properties:
type:
type: string
description: DTO type of the identity the account is uncorrelated with.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity the account is uncorrelated with.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Display name of the identity the account is uncorrelated with.
example: Allen Albertson
source:
required:
- type
- name
- id
type: object
description: The source the accounts are uncorrelated from.
properties:
type:
type: string
description: The DTO type of the source the accounts are uncorrelated from.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: The ID of the source the accounts are uncorrelated from.
example: 2c6180835d191a86015d28455b4b231b
name:
type: string
description: Display name of the source the accounts are uncorrelated from.
example: Corporate Directory
account:
type: object
description: Uncorrelated account.
required:
- id
- name
- nativeIdentity
- type
properties:
type:
enum:
- ACCOUNT
description: Uncorrelated account's DTO type.
example: ACCOUNT
id:
type: string
description: Uncorrelated account's ID.
example: 4dd497e3723e439991cb6d0e478375dd
name:
type: string
description: Uncorrelated account's display name.
example: Sadie Jensen
nativeIdentity:
type: string
description: Unique ID of the account on the source.
example: 'cn=john.doe,ou=users,dc=acme,dc=com'
uuid:
nullable: true
type: string
description: The source's unique identifier for the account. UUID is generated by the source system.
example: 1cb1f07d-3e5a-4431-becd-234fa4306108
entitlementCount:
type: integer
format: int32
description: The number of entitlements associated with this account.
example: 0
- title: Campaign Activated
type: object
required:
- campaign
properties:
campaign:
type: object
description: Details about the certification campaign that was activated.
required:
- id
- name
- description
- created
- deadline
- type
- campaignOwner
- status
properties:
id:
type: string
description: Unique ID for the campaign.
example: 2c91808576f886190176f88cac5a0010
name:
type: string
description: The human friendly name of the campaign.
example: Manager Access Campaign
description:
type: string
description: Extended description of the campaign.
example: Audit access for all employees.
created:
type: string
format: date-time
description: The date and time the campaign was created.
example: '2021-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
format: date-time
description: The date and time the campaign was last modified.
example: '2021-02-16T03:06:45.815Z'
deadline:
type: string
format: date-time
description: The date and time the campaign is due.
example: '2021-03-16T03:04:45.815Z'
type:
description: The type of campaign.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
campaignOwner:
type: object
description: Details of the identity that owns the campaign.
required:
- id
- displayName
- email
properties:
id:
type: string
description: The unique ID of the identity.
example: 37f080867702c1910177031320c40n27
displayName:
type: string
description: The human friendly name of the identity.
example: John Snow
email:
type: string
description: The primary email address of the identity.
example: john.snow@example.com
status:
enum:
- ACTIVE
description: The current status of the campaign.
example: ACTIVE
- title: Campaign Ended
type: object
required:
- campaign
properties:
campaign:
type: object
description: Details about the certification campaign that ended.
required:
- id
- name
- description
- created
- deadline
- type
- campaignOwner
- status
properties:
id:
type: string
description: Unique ID for the campaign.
example: 2c91808576f886190176f88cac5a0010
name:
type: string
description: The human friendly name of the campaign.
example: Manager Access Campaign
description:
type: string
description: Extended description of the campaign.
example: Audit access for all employees.
created:
type: string
format: date-time
description: The date and time the campaign was created.
example: '2021-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
format: date-time
description: The date and time the campaign was last modified.
example: '2021-03-16T03:06:45.815Z'
deadline:
type: string
format: date-time
description: The date and time the campaign is due.
example: '2021-03-16T03:04:45.815Z'
type:
description: The type of campaign.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
campaignOwner:
type: object
description: Details of the identity that owns the campaign.
required:
- id
- displayName
- email
properties:
id:
type: string
description: The unique ID of the identity.
example: 37f080867702c1910177031320c40n27
displayName:
type: string
description: The human friendly name of the identity.
example: John Snow
email:
type: string
description: The primary email address of the identity.
example: john.snow@example.com
status:
enum:
- COMPLETED
description: The current status of the campaign.
example: COMPLETED
- title: Campaign Generated
type: object
required:
- campaign
properties:
campaign:
description: Details about the campaign that was generated.
type: object
required:
- id
- name
- description
- created
- type
- campaignOwner
- status
properties:
id:
type: string
description: The unique ID of the campaign.
example: 2c91808576f886190176f88cac5a0010
name:
type: string
description: Human friendly name of the campaign.
example: Manager Access Campaign
description:
type: string
description: Extended description of the campaign.
example: Audit access for all employees.
created:
type: string
format: date-time
description: The date and time the campaign was created.
example: '2021-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
description: The date and time the campaign was last modified.
example: '2021-02-17T03:04:45.815Z'
deadline:
nullable: true
type: string
description: The date and time when the campaign must be finished by.
example: '2021-02-18T03:04:45.815Z'
type:
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
description: The type of campaign that was generated.
example: MANAGER
campaignOwner:
type: object
description: The identity that owns the campaign.
required:
- id
- displayName
- email
properties:
id:
type: string
description: The unique ID of the identity.
example: 37f080867702c1910177031320c40n27
displayName:
type: string
description: The display name of the identity.
example: John Snow
email:
type: string
description: The primary email address of the identity.
example: john.snow@example.com
status:
enum:
- STAGED
- ACTIVATING
- ACTIVE
description: The current status of the campaign.
example: STAGED
- title: Certification Signed Off
type: object
required:
- certification
properties:
certification:
description: The certification campaign that was signed off on.
required:
- id
- name
- created
allOf:
- type: object
required:
- campaignRef
- completed
- decisionsMade
- decisionsTotal
- due
- signed
- reviewer
- campaignOwner
- hasErrors
- phase
- entitiesCompleted
- entitiesTotal
properties:
campaignRef:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
signed:
type: string
format: date-time
description: The date the reviewer signed off on the certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
description: A reference to the reviewer of the campaign.
type: object
required:
- type
- id
- name
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: The reviewer's display name.
example: Michael Michaels
email:
type: string
nullable: true
description: The reviewing identity's email. Only applicable to `IDENTITY`.
example: reviewer@test.com
reassignment:
nullable: true
description: A reference to a reviewer that this campaign has been reassigned to.
type: object
properties:
from:
description: Previous certification.
type: object
allOf:
- type: object
description: Certification for review.
properties:
type:
type: string
description: DTO type of certification for review.
enum:
- CERTIFICATION
example: IDENTITY
id:
type: string
description: ID of certification for review.
example: 7589a83cec4b4f138ce56c1a5ef0756d
name:
type: string
description: Display name of certification for review.
example: Manager Access for Michael Michaels
- type: object
properties:
reviewer:
description: Certification reviewer
type: object
required:
- type
- id
- name
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: The reviewer's display name.
example: Michael Michaels
email:
type: string
nullable: true
description: The reviewing identity's email. Only applicable to `IDENTITY`.
example: reviewer@test.com
comment:
type: string
description: Comments from the previous reviewer.
example: Please review
hasErrors:
type: boolean
example: false
description: Indicates it the certification has any errors.
errorMessage:
type: string
nullable: true
example: The certification has an error
description: A message indicating what the error is.
completed:
type: boolean
description: Indicates if all certification decisions have been made.
example: false
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made by the reviewer.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions for the certification.
example: 40
format: int32
entitiesCompleted:
type: integer
description: 'The number of entities (identities, access profiles, roles, etc.) for which all decisions have been made and are complete.'
example: 5
format: int32
entitiesTotal:
type: integer
format: int32
description: 'The total number of entities (identities, access profiles, roles, etc.) in the certification, both complete and incomplete.'
example: 10
properties:
id:
type: string
description: Unique ID of the certification.
example: 2c91808576f886190176f88caf0d0067
name:
type: string
description: The name of the certification.
example: Manager Access Review for Alice Baker
created:
type: string
format: date-time
description: The date and time the certification was created.
example: '2020-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
format: date-time
description: The date and time the certification was last modified.
example: '2020-02-16T03:06:45.815Z'
- title: Identity Attributes Changed
type: object
required:
- identity
- changes
properties:
identity:
required:
- id
- type
- name
type: object
description: Identity whose attributes changed.
properties:
type:
type: string
description: DTO type of identity whose attributes changed.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity whose attributes changed.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of identity whose attributes changed.
example: Michael Michaels
changes:
description: A list of one or more identity attributes that changed on the identity.
type: array
items:
type: object
required:
- attribute
properties:
attribute:
type: string
description: The name of the identity attribute that changed.
example: department
oldValue:
description: The value of the identity attribute before it changed.
nullable: true
example: sales
oneOf:
- type: string
- type: boolean
- type: array
items:
type: string
- type: object
nullable: true
additionalProperties:
oneOf:
- type: string
- type: number
- type: integer
- type: boolean
newValue:
description: The value of the identity attribute after it changed.
example: marketing
oneOf:
- type: string
- type: boolean
- type: array
items:
type: string
- type: object
nullable: true
additionalProperties:
oneOf:
- type: string
- type: number
- type: integer
- type: boolean
- title: Identity Created
type: object
required:
- identity
- attributes
properties:
identity:
required:
- id
- type
- name
type: object
description: Created identity.
properties:
type:
type: string
description: Created identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Created identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Created identity's display name.
example: Michael Michaels
attributes:
type: object
description: The attributes assigned to the identity. Attributes are determined by the identity profile.
additionalProperties: true
example:
firstname: John
- title: Identity Deleted
type: object
required:
- identity
- attributes
properties:
identity:
required:
- id
- type
- name
type: object
description: Deleted identity.
properties:
type:
type: string
description: Deleted identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Deleted identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Deleted identity's display name.
example: Michael Michaels
attributes:
type: object
description: The attributes assigned to the identity. Attributes are determined by the identity profile.
additionalProperties: true
example:
firstname: John
- title: Provisioning Completed
type: object
required:
- trackingNumber
- sources
- recipient
- accountRequests
properties:
trackingNumber:
type: string
description: The reference number of the provisioning request. Useful for tracking status in the Account Activity search interface.
example: 4b4d982dddff4267ab12f0f1e72b5a6d
sources:
type: string
description: One or more sources that the provisioning transaction(s) were done against. Sources are comma separated.
example: 'Corp AD, Corp LDAP, Corp Salesforce'
action:
nullable: true
type: string
description: Origin of where the provisioning request came from.
example: IdentityRefresh
errors:
nullable: true
description: A list of any accumulated error messages that occurred during provisioning.
type: array
items:
type: string
example: Connector AD Failed
warnings:
nullable: true
description: A list of any accumulated warning messages that occurred during provisioning.
type: array
items:
type: string
example: Notification Skipped due to invalid email
recipient:
required:
- id
- type
- name
type: object
description: Provisioning recpient.
properties:
type:
type: string
description: Provisioning recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Provisioning recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Provisioning recipient's display name.
example: Michael Michaels
requester:
nullable: true
required:
- id
- type
- name
type: object
description: Provisioning requester's identity.
properties:
type:
type: string
description: Provisioning requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Provisioning requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Provisioning owner's human-readable display name.
example: William Wilson
accountRequests:
type: array
description: A list of provisioning instructions to perform on an account-by-account basis.
items:
type: object
required:
- source
- accountOperation
- provisioningResult
- provisioningTarget
properties:
source:
required:
- id
- type
- name
type: object
description: Reference to the source being provisioned against.
properties:
id:
description: ID of the object to which this reference applies
type: string
example: 4e4d982dddff4267ab12f0f1e72b5a6d
type:
type: string
enum:
- SOURCE
example: SOURCE
description: The type of object that is referenced
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Corporate Active Directory
accountId:
type: string
description: The unique idenfier of the account being provisioned.
example: 'CN=Chewy.Bacca,ou=hardcorefigter,ou=wookies,dc=starwars,dc=com'
accountOperation:
type: string
description: 'The provisioning operation; typically Create, Modify, Enable, Disable, Unlock, or Delete.'
example: Modify
provisioningResult:
description: 'The overall result of the provisioning transaction; this could be success, pending, failed, etc.'
enum:
- SUCCESS
- PENDING
- FAILED
example: SUCCESS
provisioningTarget:
type: string
description: 'The name of the provisioning channel selected; this could be the same as the source, or could be a Service Desk Integration Module (SDIM).'
example: Corp AD
ticketId:
nullable: true
type: string
description: 'A reference to a tracking number, if this is sent to a Service Desk Integration Module (SDIM).'
example: '72619262'
attributeRequests:
nullable: true
description: A list of attributes as part of the provisioning transaction.
type: array
items:
type: object
required:
- attributeName
- operation
properties:
attributeName:
type: string
description: The name of the attribute being provisioned.
example: memberOf
attributeValue:
nullable: true
type: string
description: The value of the attribute being provisioned.
example: 'CN=jedi,DC=starwars,DC=com'
operation:
enum:
- Add
- Set
- Remove
description: The operation to handle the attribute.
example: Add
- title: Saved Search Complete
type: object
required:
- fileName
- ownerEmail
- ownerName
- query
- searchName
- searchResults
- signedS3Url
properties:
fileName:
type: string
description: A name for the report file.
example: Modified.zip
ownerEmail:
type: string
description: The email address of the identity that owns the saved search.
example: test@sailpoint.com
ownerName:
type: string
description: The name of the identity that owns the saved search.
example: Cloud Support
query:
type: string
description: The search query that was used to generate the report.
example: 'modified:[now-7y/d TO now]'
searchName:
type: string
description: The name of the saved search.
example: Modified Activity
searchResults:
type: object
description: 'A preview of the search results for each object type. This includes a count as well as headers, and the first several rows of data, per object type.'
properties:
Account:
description: A table of accounts that match the search criteria.
nullable: true
type: object
required:
- count
- noun
- preview
properties:
count:
type: string
description: The number of rows in the table.
example: 3
noun:
type: string
description: The type of object represented in the table.
example: accounts
preview:
description: A sample of the data in the table.
type: array
items:
type: array
items:
type: string
example: Robert.Chase
example: []
Entitlement:
description: A table of entitlements that match the search criteria.
nullable: true
type: object
required:
- count
- noun
- preview
properties:
count:
type: string
description: The number of rows in the table.
example: 2
noun:
type: string
description: The type of object represented in the table.
example: entitlements
preview:
description: A sample of the data in the table.
type: array
items:
type: array
items:
type: string
example: Administrator
example: []
Identity:
description: A table of identities that match the search criteria.
nullable: true
type: object
required:
- count
- noun
- preview
properties:
count:
type: string
description: The number of rows in the table.
example: 2
noun:
type: string
description: The type of object represented in the table.
example: identities
preview:
description: A sample of the data in the table.
type: array
items:
type: array
items:
type: string
example: Carol Shelby
example: []
signedS3Url:
type: string
description: The Amazon S3 URL to download the report from.
example: 'https://sptcbu-org-data-useast1.s3.amazonaws.com/arsenal-john/reports/Events%20Export.2020-05-06%2018%2759%20GMT.3e580592-86e4-4953-8aea-49e6ef20a086.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200506T185919Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAV5E54XOGTS4Q4L7A%2F20200506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2e732bb97a12a1fd8a215613e3c31fcdae8ba1fb6a25916843ab5b51d2ddefbc'
- title: Source Account Created
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
- title: Source Account Deleted
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
- title: Source Account Updated
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
- title: Source Created
type: object
required:
- id
- name
- type
- created
- connector
- actor
properties:
id:
type: string
description: The unique ID of the source.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human friendly name of the source.
example: Test source
type:
type: string
description: The connection type.
example: DIRECT_CONNECT
created:
type: string
format: date-time
description: The date and time the source was created.
example: '2021-03-29T22:01:50.474Z'
connector:
type: string
description: The connector type used to connect to the source.
example: active-directory
actor:
required:
- id
- name
- type
type: object
description: Identity who created the source.
properties:
type:
type: string
description: DTO type of identity who created the source.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who created the source.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Display name of identity who created the source.
example: William Wilson
- title: Source Deleted
type: object
required:
- id
- name
- type
- deleted
- connector
- actor
properties:
id:
type: string
description: The unique ID of the source.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human friendly name of the source.
example: Test source
type:
type: string
description: The connection type.
example: DIRECT_CONNECT
deleted:
type: string
format: date-time
description: The date and time the source was deleted.
example: '2021-03-29T22:01:50.474Z'
connector:
type: string
description: The connector type used to connect to the source.
example: active-directory
actor:
required:
- id
- name
- type
type: object
description: Identity who deleted the source.
properties:
type:
type: string
description: DTO type of identity who deleted the source.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who deleted the source.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Display name of identity who deleted the source.
example: William Wilson
- title: Source Updated
type: object
required:
- id
- name
- type
- modified
- connector
- actor
properties:
id:
type: string
description: The unique ID of the source.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: The user friendly name of the source.
example: Corporate Active Directory
type:
type: string
description: The connection type of the source.
example: DIRECT_CONNECT
modified:
type: string
format: date-time
description: The date and time the source was modified.
example: '2021-03-29T22:01:50.474Z'
connector:
type: string
description: The connector type used to connect to the source.
example: active-directory
actor:
required:
- type
- name
type: object
description: Identity who updated the source.
properties:
type:
type: string
description: DTO type of identity who updated the source.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who updated the source.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Display name of identity who updated the source.
example: William Wilson
- title: VA Cluster Status Change Event
type: object
required:
- created
- type
- application
- healthCheckResult
- previousHealthCheckResult
properties:
created:
type: string
format: date-time
description: The date and time the status change occurred.
example: '2020-06-29T22:01:50.474Z'
type:
enum:
- SOURCE
- CLUSTER
description: The type of the object that initiated this event.
example: CLUSTER
application:
type: object
description: Details about the `CLUSTER` or `SOURCE` that initiated this event.
required:
- id
- name
- attributes
properties:
id:
type: string
description: The GUID of the application
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: The name of the application
example: Production VA Cluster
attributes:
type: object
description: Custom map of attributes for a source. This will only be populated if type is `SOURCE` and the source has a proxy.
additionalProperties: true
nullable: true
example: null
healthCheckResult:
type: object
description: The results of the most recent health check.
required:
- message
- resultType
- status
properties:
message:
type: string
description: Detailed message of the result of the health check.
example: Test Connection failed with exception. Error message - java.lang Exception
resultType:
type: string
description: The type of the health check result.
example: SOURCE_STATE_ERROR_CLUSTER
status:
enum:
- Succeeded
- Failed
description: The status of the health check.
example: Succeeded
previousHealthCheckResult:
type: object
description: The results of the last health check.
required:
- message
- resultType
- status
properties:
message:
type: string
description: Detailed message of the result of the health check.
example: Test Connection failed with exception. Error message - java.lang Exception
resultType:
type: string
description: The type of the health check result.
example: SOURCE_STATE_ERROR_CLUSTER
status:
enum:
- Succeeded
- Failed
description: The status of the health check.
example: Failed
outputSchema:
type: string
description: The JSON schema of the response that will be sent by the subscribed service to the trigger in response to an event. This only applies to a trigger type of `REQUEST_RESPONSE`.
nullable: true
example: '{"definitions":{"record:AccessRequestDynamicApproverOutput":{"type":["null","object"],"required":["id","name","type"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}}}},"$ref":"#/definitions/record:AccessRequestDynamicApproverOutput"}'
exampleOutput:
description: An example of the JSON payload that will be sent by the subscribed service to the trigger in response to an event.
nullable: true
oneOf:
- title: Access Request Dynamic Approver
type: object
nullable: true
required:
- id
- name
- type
properties:
id:
type: string
description: The unique ID of the identity to add to the approver list for the access request.
example: 2c91808b6ef1d43e016efba0ce470906
name:
type: string
description: The name of the identity to add to the approver list for the access request.
example: Adam Adams
type:
enum:
- IDENTITY
- GOVERNANCE_GROUP
description: The type of object being referenced.
example: IDENTITY
- title: Access Request Pre Approval
type: object
required:
- approved
- comment
- approver
properties:
approved:
type: boolean
description: Whether or not to approve the access request.
example: false
comment:
type: string
description: A comment about the decision to approve or deny the request.
example: 'This access should be denied, because this will cause an SOD violation.'
approver:
type: string
description: The name of the entity that approved or denied the request.
example: AcmeCorpExternalIntegration
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'sp:trigger-service-subscriptions:read'
/trigger-subscriptions:
post:
operationId: createSubscription
tags:
- Triggers
summary: Create a Subscription
description: |-
This API creates a new subscription to a trigger and defines trigger invocation details. The type of subscription determines which config object is required:
* HTTP subscriptions require httpConfig
* EventBridge subscriptions require eventBridgeConfig
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- triggerId
- type
- name
properties:
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
triggerId:
type: string
description: ID of trigger subscribed to.
example: 'idn:access-requested'
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
examples:
HTTP Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
type: HTTP
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: SYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: eRtg4%6yuI!
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
HTTP Async Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
type: HTTP
responseDeadline: PT1H
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: ASYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: eRtg4%6yuI!
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
EventBridge Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
type: EVENTBRIDGE
eventBridgeConfig:
awsAccount: '123456789012'
awsRegion: us-west-1
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
responses:
'201':
description: New subscription to a trigger. The trigger can now be invoked by the method defined in the subscription.
content:
application/json:
schema:
type: object
required:
- id
- triggerId
- type
- name
- triggerName
- enabled
properties:
id:
type: string
description: Subscription ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
triggerId:
type: string
description: ID of trigger subscribed to.
example: 'idn:access-request-post-approval'
triggerName:
type: string
description: Trigger name of trigger subscribed to.
example: Access Requested
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'sp:trigger-service-subscriptions:manage'
get:
operationId: listSubscriptions
tags:
- Triggers
summary: List Subscriptions
description: Gets a list of all trigger subscriptions.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
required: false
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
**triggerId**: *eq*
**type**: *eq, le*
example: id eq "12cff757-c0c0-413b-8ad7-2a47956d1e89"
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **triggerId, triggerName**
example: triggerName
responses:
'200':
description: List of subscriptions.
content:
application/json:
schema:
type: array
items:
type: object
required:
- id
- triggerId
- type
- name
- triggerName
- enabled
properties:
id:
type: string
description: Subscription ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
triggerId:
type: string
description: ID of trigger subscribed to.
example: 'idn:access-request-post-approval'
triggerName:
type: string
description: Trigger name of trigger subscribed to.
example: Access Requested
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
examples:
HTTP Subscription:
value:
- id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
triggerName: Access Requested
type: HTTP
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: SYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: null
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
HTTP Async Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
triggerName: Access Requested
type: HTTP
responseDeadline: PT1H
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: ASYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: null
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
EventBridge Subscription:
value:
- id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
triggerName: Access Requested
type: EVENTBRIDGE
eventBridgeConfig:
awsAccount: '123456789012'
awsRegion: us-west-1
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'sp:trigger-service-subscriptions:read'
'/trigger-subscriptions/{id}':
put:
operationId: updateSubscription
tags:
- Triggers
summary: Update a Subscription
description: |-
This API updates a trigger subscription in IdentityNow, using a full object representation. In other words, the existing
Subscription is completely replaced. The following fields are immutable:
* id
* triggerId
Attempts to modify these fields result in 400.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Subscription ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
examples:
HTTP Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
type: HTTP
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: SYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: eRtg4%6yuI!
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
HTTP Async Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
type: HTTP
responseDeadline: PT1H
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: ASYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: eRtg4%6yuI!
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
EventBridge Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
type: EVENTBRIDGE
eventBridgeConfig:
awsAccount: '123456789012'
awsRegion: us-west-1
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
responses:
'200':
description: Updated subscription.
content:
application/json:
schema:
type: object
required:
- id
- triggerId
- type
- name
- triggerName
- enabled
properties:
id:
type: string
description: Subscription ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
triggerId:
type: string
description: ID of trigger subscribed to.
example: 'idn:access-request-post-approval'
triggerName:
type: string
description: Trigger name of trigger subscribed to.
example: Access Requested
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'sp:trigger-service-subscriptions:manage'
patch:
operationId: patchSubscription
tags:
- Triggers
summary: Patch a Subscription
description: |-
This API updates a trigger subscription in IdentityNow, using a set of instructions to modify a subscription partially. The following fields are patchable:
**name**, **description**, **enabled**, **type**, **filter**, **responseDeadline**, **httpConfig**, **eventBridgeConfig**, **workflowConfig**
parameters:
- in: path
name: id
schema:
type: string
required: true
description: ID of the Subscription to patch
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
requestBody:
required: true
content:
application/json-patch+json:
schema:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
anyOf:
- type: string
- type: integer
- type: object
- type: array
items:
anyOf:
- type: string
- type: integer
- type: object
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /description
value: A new description
- op: replace
path: /name
value: A new name
responses:
'200':
description: Updated subscription.
content:
application/json:
schema:
type: object
required:
- id
- triggerId
- type
- name
- triggerName
- enabled
properties:
id:
type: string
description: Subscription ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
triggerId:
type: string
description: ID of trigger subscribed to.
example: 'idn:access-request-post-approval'
triggerName:
type: string
description: Trigger name of trigger subscribed to.
example: Access Requested
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'sp:trigger-service-subscriptions:manage'
delete:
operationId: deleteSubscription
tags:
- Triggers
summary: Delete a Subscription
description: Deletes an existing subscription to a trigger.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Subscription ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
responses:
'204':
description: Subscription is deleted successfully.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'sp:trigger-service-subscriptions:manage'
/trigger-subscriptions/validate-filter:
post:
operationId: testSubscriptionFilter
tags:
- Triggers
summary: Validate a Subscription Filter
description: |-
Validates a JSONPath filter expression against a provided mock input.
Request requires a security scope of:
requestBody:
required: true
content:
application/json:
schema:
required:
- input
- filter
type: object
properties:
input:
type: object
description: Mock input to evaluate filter expression against.
example:
identityId: 201327fda1c44704ac01181e963d463c
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
example:
input:
identityId: 201327fda1c44704ac01181e963d463c
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
responses:
'200':
description: Boolean whether specified filter expression is valid against the input.
content:
application/json:
schema:
type: object
properties:
isValid:
type: boolean
default: false
description: 'When this field is true, the filter expression is valid against the input.'
example: true
isValidJSONPath:
type: boolean
default: false
description: 'When this field is true, the filter expression is using a valid JSON path.'
example: true
isPathExist:
type: boolean
default: false
description: 'When this field is true, the filter expression is using an existing path.'
example: true
example:
isValid: true
isValidJSONPath: true
isPathExist: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'sp:trigger-service-subscriptions:manage'
/trigger-invocations/status:
get:
operationId: listTriggerInvocationStatus
tags:
- Triggers
summary: List Latest Invocation Statuses
description: |-
Gets a list of latest invocation statuses.
Statuses of successful invocations are available for up to 24 hours. Statuses of failed invocations are available for up to 48 hours.
This endpoint may only fetch up to 2000 invocations, and should not be treated as a representation of the full history of invocations.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**triggerId**: *eq*
**subscriptionId**: *eq*
example: 'triggerId eq "idn:access-request-dynamic-approver"'
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **triggerId, subscriptionName, created, completed**
example: created
responses:
'200':
description: List of latest invocation statuses.
content:
application/json:
schema:
type: array
items:
type: object
required:
- id
- triggerId
- subscriptionId
- startInvocationInput
- type
- subscriptionName
- created
properties:
id:
type: string
description: Invocation ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
triggerId:
type: string
description: Trigger ID
example: 'idn:access-request-post-approval'
subscriptionName:
type: string
description: Subscription name
example: Access request subscription
subscriptionId:
type: string
description: Subscription ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
type:
type: string
description: |-
Defines the Invocation type.
**TEST** The trigger was invocated as a test, either via the test subscription button in the UI or via the start test invocation API.
**REAL_TIME** The trigger subscription is live and was invocated by a real event in IdentityNow.
enum:
- TEST
- REAL_TIME
example: TEST
created:
type: string
format: date-time
description: Invocation created timestamp. ISO-8601 in UTC.
example: '2020-03-27T20:40:10.738Z'
completed:
type: string
format: date-time
description: Invocation completed timestamp; empty fields imply invocation is in-flight or not completed. ISO-8601 in UTC.
example: '2020-03-27T20:42:14.738Z'
startInvocationInput:
description: Data related to start of trigger invocation.
type: object
properties:
triggerId:
type: string
description: Trigger ID
example: 'idn:access-requested'
input:
type: object
example:
identityId: 201327fda1c44704ac01181e963d463c
description: Trigger input payload. Its schema is defined in the trigger definition.
contentJson:
type: object
example:
workflowId: 1234
description: JSON map of invocation metadata
completeInvocationInput:
description: Data related to end of trigger invocation.
type: object
properties:
localizedError:
type: object
nullable: true
description: Localized error message to indicate a failed invocation or error if any.
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
output:
type: object
nullable: true
example:
approved: false
description: Trigger output that completed the invocation. Its schema is defined in the trigger definition.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'sp:trigger-service-invocation-status:read'
- 'sp:trigger-service-invocation-status:manage'
'/trigger-invocations/{id}/complete':
post:
operationId: completeTriggerInvocation
tags:
- Triggers
summary: Complete Trigger Invocation
description: Completes an invocation to a REQUEST_RESPONSE type trigger.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the invocation to complete.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
secret:
type: string
description: Unique invocation secret that was generated when the invocation was created. Required to authenticate to the endpoint.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
error:
type: string
description: The error message to indicate a failed invocation or error if any.
example: Access request is denied.
output:
type: object
example:
approved: false
description: Trigger output to complete the invocation. Its schema is defined in the trigger definition.
required:
- secret
- output
example:
secret: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
output:
approved: false
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/trigger-invocations/test:
post:
operationId: startTestTriggerInvocation
tags:
- Triggers
summary: Start a Test Invocation
description: 'Initiate a test event for all subscribers of the specified event trigger. If there are no subscribers to the specified trigger in the tenant, then no test event will be sent.'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
triggerId:
type: string
example: 'idn:access-request-post-approval'
description: Trigger ID
input:
type: object
example:
identityId: 201327fda1c44704ac01181e963d463c
description: 'Mock input to use for test invocation. This must adhere to the input schema defined in the trigger being invoked. If this property is omitted, then the default trigger sample payload will be sent.'
contentJson:
type: object
example:
workflowId: 1234
description: JSON map of invocation metadata.
subscriptionIds:
type: array
items:
type: string
example:
- 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
description: 'Only send the test event to the subscription IDs listed. If omitted, the test event will be sent to all subscribers.'
required:
- triggerId
- contentJson
examples:
Test Trigger with Mock Input:
value:
triggerId: 'idn:access-requested'
input:
identityId: 201327fda1c44704ac01181e963d463c
contentJson:
workflowId: 1234
Send Test to only One Subscriber:
value:
triggerId: 'idn:access-requested'
contentJson:
workflowId: 1234
subscriptionIds:
- 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
responses:
'200':
description: Test trigger invocations that have been started for specified subscription(s).
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Invocation ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
triggerId:
type: string
description: Trigger ID
example: 'idn:access-requested'
secret:
type: string
description: Unique invocation secret.
example: 0f979022-08be-44f2-b6f9-7393ec73ed9b
contentJson:
type: object
example:
workflowId: 1234
description: JSON map of invocation metadata.
'204':
description: 'Trigger invocation is skipped, because tenant has not subscribed to the specified trigger.'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'sp:trigger-service-invocation-status:manage'
/ui-metadata/tenant:
get:
operationId: getTenantUiMetadata
tags:
- UI Metadata
summary: Get a tenant UI metadata
description: |-
This API endpoint retrieves UI metadata configured for your tenant.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:ui-access-metadata-page:read'
responses:
'200':
description: A tenant UI metadata object
content:
application/json:
schema:
type: object
properties:
iframeWhiteList:
type: string
nullable: true
description: 'Parameter that organizational administrators can adjust to permit another domain to encapsulate IDN within an iframe. If you would like to reset the value use "null". It will only allow include into iframe non authenticated portions of the product, such as password reset.'
example: 'http://example.com http://example2.com'
usernameLabel:
type: string
nullable: true
description: Descriptor for the username input field. If you would like to reset the value use "null".
example: Email
usernameEmptyText:
type: string
nullable: true
description: Placeholder text displayed in the username input field. If you would like to reset the value use "null".
example: Please provide your work email address...
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setTenantUiMetadata
tags:
- UI Metadata
summary: Update tenant UI metadata
description: |-
This API endpoint updates UI metadata for your tenant. These changes may require up to 5 minutes to take effect on the UI.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
iframeWhiteList:
type: string
nullable: true
description: 'Parameter that organizational administrators can adjust to permit another domain to encapsulate IDN within an iframe. If you would like to reset the value use "null". It will only allow include into iframe non authenticated portions of the product, such as password reset.'
example: 'http://example.com http://example2.com'
usernameLabel:
type: string
nullable: true
description: Descriptor for the username input field. If you would like to reset the value use "null".
example: Email
usernameEmptyText:
type: string
nullable: true
description: Placeholder text displayed in the username input field. If you would like to reset the value use "null".
example: Please provide your work email address...
security:
- UserContextAuth:
- 'idn:ui-access-metadata-page:manage'
responses:
'200':
description: A tenant UI metadata object
content:
application/json:
schema:
type: object
properties:
iframeWhiteList:
type: string
nullable: true
description: 'Parameter that organizational administrators can adjust to permit another domain to encapsulate IDN within an iframe. If you would like to reset the value use "null". It will only allow include into iframe non authenticated portions of the product, such as password reset.'
example: 'http://example.com http://example2.com'
usernameLabel:
type: string
nullable: true
description: Descriptor for the username input field. If you would like to reset the value use "null".
example: Email
usernameEmptyText:
type: string
nullable: true
description: Placeholder text displayed in the username input field. If you would like to reset the value use "null".
example: Please provide your work email address...
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/verified-from-addresses:
get:
operationId: listFromAddresses
tags:
- Notifications
summary: List From Addresses
description: Retrieve a list of sender email addresses and their verification statuses
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**email**: *eq, ge, le, sw*
example: email eq "john.doe@company.com"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **email**
example: email
responses:
'200':
description: List of Email Status
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
nullable: true
email:
type: string
example: sender@example.com
isVerifiedByDomain:
type: boolean
example: false
verificationStatus:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createVerifiedFromAddress
tags:
- Notifications
summary: Create Verified From Address
description: Create a new sender email address and initiate verification process.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
nullable: true
email:
type: string
example: sender@example.com
isVerifiedByDomain:
type: boolean
example: false
verificationStatus:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
example:
email: sender@example.com
responses:
'201':
description: New Verified Email Status
content:
application/json:
schema:
type: object
properties:
id:
type: string
nullable: true
email:
type: string
example: sender@example.com
isVerifiedByDomain:
type: boolean
example: false
verificationStatus:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/verified-from-addresses/{id}':
delete:
operationId: deleteVerifiedFromAddress
tags:
- Notifications
summary: Delete Verified From Address
description: Delete a verified sender email address
parameters:
- in: path
name: id
schema:
type: string
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/verified-domains:
get:
security:
- UserContextAuth:
- 'sp:notification-dkim-attributes:read'
operationId: getDkimAttributes
tags:
- Notifications
summary: Get DKIM Attributes
description: Retrieve DKIM (DomainKeys Identified Mail) attributes for all your tenants' AWS SES identities. Limits retrieval to 100 identities per call.
responses:
'200':
description: List of DKIM Attributes
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
example: 123b45b0-aaaa-bbbb-a7db-123456a56abc
description: UUID associated with domain to be verified
address:
type: string
example: BobSmith@sailpoint.com
description: The identity or domain address
dkimEnabled:
type: boolean
default: false
example: true
description: Whether or not DKIM has been enabled for this domain / identity
dkimTokens:
type: array
items:
type: string
example:
- uq1m3jjk25ckd3whl4n7y46c56r5l6aq
- u7pm38jky9ckdawhlsn7y4dcj6f5lpgq
- uhpm3jjkjjckdkwhlqn7yw6cjer5tpay
description: The tokens to be added to a DNS for verification
dkimVerificationStatus:
type: string
example: Success
description: 'The current status if the domain /identity has been verified. Ie Success, Failed, Pending'
description: DKIM attributes for a domain or identity
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
security:
- UserContextAuth:
- 'sp:notification-verify-domain-dkim:write'
operationId: createDomainDkim
tags:
- Notifications
summary: Verify domain address via DKIM
description: Create a domain to be verified via DKIM (DomainKeys Identified Mail)
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
domain:
type: string
example: sailpoint.com
description: A domain address
responses:
'200':
description: List of DKIM tokens required for the verification process.
content:
application/json:
schema:
type: object
properties:
id:
type: string
example: 123b45b0-aaaa-bbbb-a7db-123456a56abc
description: New UUID associated with domain to be verified
domain:
type: string
example: sailpoint.com
description: A domain address
dkimEnabled:
default: false
example: true
description: DKIM is enabled for this domain
dkimTokens:
type: array
items:
type: string
example:
- token1
- token2
- token3
description: DKIM tokens required for authentication
dkimVerificationStatus:
type: string
example: PENDING
description: Status of DKIM authentication
description: Domain status DTO containing everything required to verify via DKIM
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'405':
description: 'Method Not Allowed - indicates that the server knows the request method, but the target resource doesn''t support this method.'
content:
application/json:
schema:
type: object
properties:
errorName:
description: A message describing the error
example: NotSupportedException
errorMessage:
description: Description of the error
example: Cannot consume content type
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-policies:
post:
operationId: createSodPolicy
tags:
- SOD Policies
summary: Create SOD policy
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-policy:write'
description: |-
This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy.
Requires role of ORG_ADMIN.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy business name.
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy.
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional external policy reference.
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy.
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls (Mitigating Controls).
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice.
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: Whether the policy is enforced or not.
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: Tags for the policy object.
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: Defines whether a policy has been scheduled or not.
example: true
default: false
type:
type: string
description: Whether a policy is query based or conflicting access based.
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
name: Conflicting-Policy-Name
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
name: General-Policy-Name
responses:
'201':
description: SOD policy created
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy business name.
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy.
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional external policy reference.
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy.
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls (Mitigating Controls).
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice.
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: Whether the policy is enforced or not.
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: Tags for the policy object.
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: Defines whether a policy has been scheduled or not.
example: true
default: false
type:
type: string
description: Whether a policy is query based or conflicting access based.
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listSodPolicies
tags:
- SOD Policies
summary: List SOD policies
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-policy:read'
description: |-
This gets list of all SOD policies.
Requires role of ORG_ADMIN
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in*
**state**: *eq, in*
example: id eq "bc693f07e7b645539626c25954c58554"
required: false
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'id,name'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, description**
responses:
'200':
description: List of all SOD policies.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy business name.
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy.
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional external policy reference.
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy.
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls (Mitigating Controls).
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice.
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: Whether the policy is enforced or not.
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: Tags for the policy object.
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: Defines whether a policy has been scheduled or not.
example: true
default: false
type:
type: string
description: Whether a policy is query based or conflicting access based.
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
example:
- id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
- description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}':
get:
operationId: getSodPolicy
tags:
- SOD Policies
summary: Get SOD policy by ID
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-policy:read'
description: |-
This gets specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the object reference to retrieve.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: SOD policy ID.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy business name.
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy.
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional external policy reference.
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy.
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls (Mitigating Controls).
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice.
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: Whether the policy is enforced or not.
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: Tags for the policy object.
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: Defines whether a policy has been scheduled or not.
example: true
default: false
type:
type: string
description: Whether a policy is query based or conflicting access based.
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putSodPolicy
tags:
- SOD Policies
summary: Update SOD policy by ID
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-policy:write'
description: |-
This updates a specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD policy to update.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy business name.
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy.
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional external policy reference.
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy.
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls (Mitigating Controls).
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice.
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: Whether the policy is enforced or not.
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: Tags for the policy object.
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: Defines whether a policy has been scheduled or not.
example: true
default: false
type:
type: string
description: Whether a policy is query based or conflicting access based.
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: Modified Description
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Modified Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
responses:
'200':
description: SOD Policy by ID
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy business name.
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy.
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional external policy reference.
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy.
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls (Mitigating Controls).
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice.
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: Whether the policy is enforced or not.
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: Tags for the policy object.
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: Defines whether a policy has been scheduled or not.
example: true
default: false
type:
type: string
description: Whether a policy is query based or conflicting access based.
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: Modified description
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Modified Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSodPolicy
tags:
- SOD Policies
summary: Delete SOD policy by ID
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-policy:write'
description: |-
This deletes a specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD Policy to delete.
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: logical
schema:
type: boolean
default: true
description: Indicates whether this is a soft delete (logical true) or a hard delete.
required: false
example: true
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchSodPolicy
tags:
- SOD Policies
summary: Patch a SOD policy
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-policy:write'
description: |-
Allows updating SOD Policy fields other than ["id","created","creatorId","policyQuery","type"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Requires role of ORG_ADMIN.
This endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies - doing so will build an API exception.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD policy being modified.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
description: |
A list of SOD Policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* ownerRef
* externalPolicyReference
* compensatingControls
* correctionAdvice
* state
* tags
* violationOwnerAssignmentConfig
* scheduled
* conflictingAccessCriteria
content:
application/json-patch+json:
schema:
type: array
items:
type: object
examples:
Conflicting Access Based Policy:
value:
- op: replace
path: /description
value: Modified description
- op: replace
path: /conflictingAccessCriteria/leftCriteria/name
value: money-in-modified
- op: replace
path: /conflictingAccessCriteria/rightCriteria
value:
name: money-out-modified
criteriaList:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
General Policy:
value:
- op: replace
path: /description
value: Modified description
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the SOD policy''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy business name.
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy.
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional external policy reference.
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy.
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls (Mitigating Controls).
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice.
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: Whether the policy is enforced or not.
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: Tags for the policy object.
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: Defines whether a policy has been scheduled or not.
example: true
default: false
type:
type: string
description: Whether a policy is query based or conflicting access based.
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: DTO type
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: Modified description
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c918087682f9a86016839c0509c1ab2)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in-modified
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out-modified
criteriaList:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
General Policy:
value:
description: Modified description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}/schedule':
get:
operationId: getSodPolicySchedule
tags:
- SOD Policies
summary: Get SOD policy schedule
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-policy:read'
description: |-
This endpoint gets a specified SOD policy's schedule.
Requires the role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the object reference to retrieve.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: SOD policy ID.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: SOD Policy schedule name
example: SCH-1584312283015
created:
type: string
format: date-time
description: The time when this SOD policy schedule is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when this SOD policy schedule is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: SOD Policy schedule description
example: Schedule for policy xyz
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
type: array
items:
type: object
description: SOD policy recipient.
properties:
type:
type: string
description: SOD policy recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: SOD policy recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: SOD policy recipient's display name.
example: Michael Michaels
emailEmptyResults:
type: boolean
description: Indicates if empty results need to be emailed
example: false
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putPolicySchedule
tags:
- SOD Policies
summary: Update SOD Policy schedule
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-policy:write'
description: |-
This updates schedule for a specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD policy to update its schedule.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: SOD Policy schedule name
example: SCH-1584312283015
created:
type: string
format: date-time
description: The time when this SOD policy schedule is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when this SOD policy schedule is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: SOD Policy schedule description
example: Schedule for policy xyz
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
type: array
items:
type: object
description: SOD policy recipient.
properties:
type:
type: string
description: SOD policy recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: SOD policy recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: SOD policy recipient's display name.
example: Michael Michaels
emailEmptyResults:
type: boolean
description: Indicates if empty results need to be emailed
example: false
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
responses:
'200':
description: SOD policy by ID.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: SOD Policy schedule name
example: SCH-1584312283015
created:
type: string
format: date-time
description: The time when this SOD policy schedule is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when this SOD policy schedule is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: SOD Policy schedule description
example: Schedule for policy xyz
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
type: array
items:
type: object
description: SOD policy recipient.
properties:
type:
type: string
description: SOD policy recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: SOD policy recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: SOD policy recipient's display name.
example: Michael Michaels
emailEmptyResults:
type: boolean
description: Indicates if empty results need to be emailed
example: false
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSodPolicySchedule
tags:
- SOD Policies
summary: Delete SOD policy schedule
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-policy:write'
description: |-
This deletes schedule for a specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD policy the schedule must be deleted for.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}/violation-report/run':
post:
operationId: startSodPolicy
tags:
- SOD Policies
summary: Runs SOD policy violation report
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-violation:write'
description: |-
This invokes processing of violation report for given SOD policy. If the policy reports more than 5000 violations, the report returns with violation limit exceeded message.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The SOD policy ID to run.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Reference to the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: PENDING
type: REPORT_RESULT
id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
name: policy-xyz
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}/violation-report':
get:
operationId: getSodViolationReportStatus
tags:
- SOD Policies
summary: Get SOD violation report status
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-violation:read'
description: |-
This gets the status for a violation report run task that has already been invoked.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the object reference to retrieve.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Status of the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: SUCCESS
type: REPORT_RESULT
id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
name: policy-xyz
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-violations/predict:
post:
operationId: startPredictSodViolations
tags:
- SOD Violations
summary: Predict SOD violations for identity.
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-violation:read'
description: |-
This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused.
A token with ORG_ADMIN or API authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
description: An identity with a set of access to be added
required:
- identityId
- accessRefs
type: object
properties:
identityId:
description: Identity id to be checked.
type: string
example: 2c91808568c529c60168cca6f90c1313
accessRefs:
description: The list of entitlements to consider for possible violations in a preventive check.
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
example:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c050861ab1
name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local'
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local'
example:
identityId: 2c91808568c529c60168cca6f90c1313
accessRefs:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c050861ab1
name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local'
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local'
responses:
'200':
description: Violation Contexts
content:
application/json:
schema:
description: An object containing a listing of the SOD violation reasons detected by this check.
required:
- requestId
type: object
properties:
violationContexts:
type: array
description: List of Violation Contexts
items:
type: object
properties:
policy:
allOf:
- type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
- type: object
properties:
type:
type: string
example: SOD_POLICY
name:
type: string
example: A very cool policy name
description: The types of objects supported for SOD policy violations.
properties:
type:
enum:
- ENTITLEMENT
example: ENTITLEMENT
description: The type of object supported for SOD policy violations.
conflictingAccessCriteria:
nullable: false
type: object
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
description: List of exception criteria. There is a min of 1 and max of 50 items in the list.
items:
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local'
existing:
type: boolean
description: Whether the subject identity already had that access or not
example: true
description: Access reference with addition of boolean existing flag to indicate whether the access was extant
description: The types of objects supported for SOD violations
properties:
type:
enum:
- ENTITLEMENT
example: ENTITLEMENT
description: The type of object that is referenced
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
existing: true
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
existing: false
rightCriteria:
type: object
properties:
criteriaList:
type: array
description: List of exception criteria. There is a min of 1 and max of 50 items in the list.
items:
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local'
existing:
type: boolean
description: Whether the subject identity already had that access or not
example: true
description: Access reference with addition of boolean existing flag to indicate whether the access was extant
description: The types of objects supported for SOD violations
properties:
type:
enum:
- ENTITLEMENT
example: ENTITLEMENT
description: The type of object that is referenced
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
existing: true
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
existing: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/sod-violation-report-status/{reportResultId}':
get:
operationId: getSodViolationReportRunStatus
tags:
- SOD Policies
summary: Get violation report run status
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-violation:read'
description: |-
This gets the status for a violation report run task that has already been invoked.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: reportResultId
schema:
type: string
required: true
description: The ID of the report reference to retrieve.
example: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
responses:
'200':
description: Status of the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: SUCCESS
type: REPORT_RESULT
id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
name: policy-xyz
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-violation-report/run:
post:
operationId: startSodAllPoliciesForOrg
tags:
- SOD Policies
summary: Runs all policies for org
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-violation:write'
description: |-
Runs multi-policy report for the org. If a policy reports more than 5000 violations, the report mentions that the violation limit was exceeded for that policy. If the request is empty, the report runs for all policies. Otherwise, the report runs for only the filtered policy list provided.
Requires role of ORG_ADMIN.
requestBody:
required: false
content:
application/json:
schema:
type: object
properties:
filteredPolicyList:
type: array
description: Multi-policy report will be run for this list of ids
items:
type: string
example:
filteredPolicyList:
- b868cd40-ffa4-4337-9c07-1a51846cfa94
- 63a07a7b-39a4-48aa-956d-50c827deba2a
responses:
'200':
description: Reference to the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: PENDING
type: REPORT_RESULT
id: 37b3b32a-f394-46f8-acad-b5223969fa68
name: Multi Query Report
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-violation-report:
get:
operationId: getSodAllReportRunStatus
tags:
- SOD Policies
summary: Get multi-report run task status
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-violation:read'
description: |-
This endpoint gets the status for a violation report for all policy run.
Requires role of ORG_ADMIN.
responses:
'200':
description: Status of the violation report run task for all policy run.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: SUCCESS
type: REPORT_RESULT
id: 37b3b32a-f394-46f8-acad-b5223969fa68
name: Multi Query Report
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-violation-report/{reportResultId}/download':
get:
operationId: getDefaultViolationReport
tags:
- SOD Policies
summary: Download violation report
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-violation:read'
description: |-
This allows to download a violation report for a given report reference.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: reportResultId
schema:
type: string
required: true
description: The ID of the report reference to download.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Returns the PolicyReport.zip that contains the violation report file.
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-violation-report/{reportResultId}/download/{fileName}':
get:
operationId: getCustomViolationReport
tags:
- SOD Policies
summary: Download custom violation report
deprecated: true
security:
- UserContextAuth:
- 'idn:sod-violation:read'
description: |-
This allows to download a specified named violation report for a given report reference.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: reportResultId
schema:
type: string
required: true
description: The ID of the report reference to download.
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: fileName
schema:
type: string
required: true
description: Custom Name for the file.
example: custom-name
responses:
'200':
description: Returns the zip file with given custom name that contains the violation report file.
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/work-items:
get:
operationId: listWorkItems
tags:
- Work Items
summary: List Work Items
description: 'This gets a collection of work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
nullable: true
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
requesterDisplayName:
type: string
nullable: true
description: The displayname of the requester
example: John Smith
ownerId:
type: string
nullable: true
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
type:
type: string
enum:
- Unknown
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyViolation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
approvalItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
nullable: true
description: The account referenced by the approval item
example: john.smith
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
nullable: true
description: The attribute's name
example: emailAddress
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
nullable: true
description: The attribute's value
example: a@b.com
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
name:
type: string
nullable: true
description: The work item name
example: Account Create
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
numItems:
type: integer
nullable: true
description: The number of items in the work item
example: 19
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
form:
type: object
nullable: true
properties:
id:
type: string
nullable: true
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
nullable: true
description: Name of the form
example: AccountSelection Form
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
/work-items/completed:
get:
operationId: getCompletedWorkItems
tags:
- Work Items
summary: Completed Work Items
description: 'This gets a collection of completed work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: 'The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.'
required: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of completed work items.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
nullable: true
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
requesterDisplayName:
type: string
nullable: true
description: The displayname of the requester
example: John Smith
ownerId:
type: string
nullable: true
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
type:
type: string
enum:
- Unknown
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyViolation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
approvalItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
nullable: true
description: The account referenced by the approval item
example: john.smith
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
nullable: true
description: The attribute's name
example: emailAddress
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
nullable: true
description: The attribute's value
example: a@b.com
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
name:
type: string
nullable: true
description: The work item name
example: Account Create
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
numItems:
type: integer
nullable: true
description: The number of items in the work item
example: 19
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
form:
type: object
nullable: true
properties:
id:
type: string
nullable: true
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
nullable: true
description: Name of the form
example: AccountSelection Form
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
/work-items/count:
get:
operationId: getCountWorkItems
tags:
- Work Items
summary: Count Work Items
description: 'This gets a count of work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: object
properties:
count:
type: integer
description: The count of work items
example: 29
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
/work-items/completed/count:
get:
operationId: getCountCompletedWorkItems
tags:
- Work Items
summary: Count Completed Work Items
description: 'This gets a count of completed work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: array
items:
type: object
properties:
count:
type: integer
description: The count of work items
example: 29
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
/work-items/summary:
get:
operationId: getWorkItemsSummary
tags:
- Work Items
summary: Work Items Summary
description: 'This gets a summary of work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: object
properties:
open:
type: integer
description: The count of open work items
example: 29
completed:
type: integer
description: The count of completed work items
example: 1
total:
type: integer
description: The count of total work items
example: 30
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'/work-items/{id}':
get:
operationId: getWorkItem
tags:
- Work Items
summary: Get a Work Item
description: 'This gets the details of a Work Item belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
- in: path
name: id
schema:
type: string
required: true
description: ID of the work item.
responses:
'200':
description: The work item with the given ID.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
nullable: true
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
requesterDisplayName:
type: string
nullable: true
description: The displayname of the requester
example: John Smith
ownerId:
type: string
nullable: true
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
type:
type: string
enum:
- Unknown
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyViolation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
approvalItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
nullable: true
description: The account referenced by the approval item
example: john.smith
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
nullable: true
description: The attribute's name
example: emailAddress
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
nullable: true
description: The attribute's value
example: a@b.com
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
name:
type: string
nullable: true
description: The work item name
example: Account Create
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
numItems:
type: integer
nullable: true
description: The number of items in the work item
example: 19
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
form:
type: object
nullable: true
properties:
id:
type: string
nullable: true
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
nullable: true
description: Name of the form
example: AccountSelection Form
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
post:
operationId: completeWorkItem
tags:
- Work Items
summary: Complete a Work Item
description: 'This API completes a work item. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: A WorkItems object
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
nullable: true
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
requesterDisplayName:
type: string
nullable: true
description: The displayname of the requester
example: John Smith
ownerId:
type: string
nullable: true
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
type:
type: string
enum:
- Unknown
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyViolation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
approvalItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
nullable: true
description: The account referenced by the approval item
example: john.smith
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
nullable: true
description: The attribute's name
example: emailAddress
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
nullable: true
description: The attribute's value
example: a@b.com
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
name:
type: string
nullable: true
description: The work item name
example: Account Create
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
numItems:
type: integer
nullable: true
description: The number of items in the work item
example: 19
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
form:
type: object
nullable: true
properties:
id:
type: string
nullable: true
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
nullable: true
description: Name of the form
example: AccountSelection Form
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'/work-items/{id}/forward':
post:
operationId: forwardWorkItem
tags:
- Work Items
summary: Forward a Work Item
description: 'This API forwards a work item to a new owner. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- targetOwnerId
- comment
properties:
targetOwnerId:
type: string
description: The ID of the identity to forward this work item to.
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: Comments to send to the target owner
example: I'm going on vacation.
sendNotifications:
type: boolean
description: 'If true, send a notification to the target owner.'
default: true
example: true
responses:
'200':
description: 'Success, but no data is returned.'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/{id}/approve/{approvalItemId}':
post:
operationId: approveApprovalItem
tags:
- Work Items
summary: Approve an Approval Item
description: 'This API approves an Approval Item. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: approvalItemId
schema:
type: string
required: true
description: The ID of the approval item.
example: 1211bcaa32112bcef6122adb21cef1ac
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
nullable: true
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
requesterDisplayName:
type: string
nullable: true
description: The displayname of the requester
example: John Smith
ownerId:
type: string
nullable: true
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
type:
type: string
enum:
- Unknown
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyViolation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
approvalItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
nullable: true
description: The account referenced by the approval item
example: john.smith
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
nullable: true
description: The attribute's name
example: emailAddress
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
nullable: true
description: The attribute's value
example: a@b.com
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
name:
type: string
nullable: true
description: The work item name
example: Account Create
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
numItems:
type: integer
nullable: true
description: The number of items in the work item
example: 19
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
form:
type: object
nullable: true
properties:
id:
type: string
nullable: true
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
nullable: true
description: Name of the form
example: AccountSelection Form
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'/work-items/{id}/reject/{approvalItemId}':
post:
operationId: rejectApprovalItem
tags:
- Work Items
summary: Reject an Approval Item
description: 'This API rejects an Approval Item. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: approvalItemId
schema:
type: string
required: true
description: The ID of the approval item.
example: 1211bcaa32112bcef6122adb21cef1ac
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
nullable: true
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
requesterDisplayName:
type: string
nullable: true
description: The displayname of the requester
example: John Smith
ownerId:
type: string
nullable: true
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
type:
type: string
enum:
- Unknown
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyViolation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
approvalItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
nullable: true
description: The account referenced by the approval item
example: john.smith
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
nullable: true
description: The attribute's name
example: emailAddress
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
nullable: true
description: The attribute's value
example: a@b.com
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
name:
type: string
nullable: true
description: The work item name
example: Account Create
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
numItems:
type: integer
nullable: true
description: The number of items in the work item
example: 19
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
form:
type: object
nullable: true
properties:
id:
type: string
nullable: true
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
nullable: true
description: Name of the form
example: AccountSelection Form
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'/work-items/bulk-approve/{id}':
post:
operationId: approveApprovalItemsInBulk
tags:
- Work Items
summary: Bulk approve Approval Items
description: 'This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
nullable: true
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
requesterDisplayName:
type: string
nullable: true
description: The displayname of the requester
example: John Smith
ownerId:
type: string
nullable: true
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
type:
type: string
enum:
- Unknown
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyViolation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
approvalItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
nullable: true
description: The account referenced by the approval item
example: john.smith
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
nullable: true
description: The attribute's name
example: emailAddress
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
nullable: true
description: The attribute's value
example: a@b.com
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
name:
type: string
nullable: true
description: The work item name
example: Account Create
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
numItems:
type: integer
nullable: true
description: The number of items in the work item
example: 19
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
form:
type: object
nullable: true
properties:
id:
type: string
nullable: true
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
nullable: true
description: Name of the form
example: AccountSelection Form
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'/work-items/bulk-reject/{id}':
post:
operationId: rejectApprovalItemsInBulk
tags:
- Work Items
summary: Bulk reject Approval Items
description: 'This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
nullable: true
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
requesterDisplayName:
type: string
nullable: true
description: The displayname of the requester
example: John Smith
ownerId:
type: string
nullable: true
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
type:
type: string
enum:
- Unknown
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyViolation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
approvalItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
nullable: true
description: The account referenced by the approval item
example: john.smith
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
nullable: true
description: The attribute's name
example: emailAddress
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
nullable: true
description: The attribute's value
example: a@b.com
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
name:
type: string
nullable: true
description: The work item name
example: Account Create
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
numItems:
type: integer
nullable: true
description: The number of items in the work item
example: 19
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
form:
type: object
nullable: true
properties:
id:
type: string
nullable: true
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
nullable: true
description: Name of the form
example: AccountSelection Form
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'/work-items/{id}/submit-account-selection':
post:
operationId: submitAccountSelection
tags:
- Work Items
summary: Submit Account Selections
description: 'This API submits account selections. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
example:
fieldName: fieldValue
description: 'Account Selection Data map, keyed on fieldName'
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
nullable: true
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
requesterDisplayName:
type: string
nullable: true
description: The displayname of the requester
example: John Smith
ownerId:
type: string
nullable: true
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
type:
type: string
enum:
- Unknown
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyViolation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
approvalItems:
nullable: true
type: array
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
nullable: true
description: The account referenced by the approval item
example: john.smith
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
nullable: true
description: The attribute's name
example: emailAddress
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
nullable: true
description: The attribute's value
example: a@b.com
state:
type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
name:
type: string
nullable: true
description: The work item name
example: Account Create
completed:
type: string
nullable: true
format: date-time
example: '2018-10-19T13:49:37.385Z'
numItems:
type: integer
nullable: true
description: The number of items in the work item
example: 19
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
form:
type: object
nullable: true
properties:
id:
type: string
nullable: true
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
nullable: true
description: Name of the form
example: AccountSelection Form
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
/workflows:
post:
operationId: createWorkflow
tags:
- Workflows
summary: Create Workflow
description: Create a new workflow with the desired trigger and steps specified in the request body.
security:
- UserContextAuth:
- 'sp:workflow:manage'
requestBody:
required: true
content:
application/json:
schema:
allOf:
- required:
- name
- owner
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
description: Workflow Trigger.
type: object
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
description:
type: string
description: Description of the event trigger
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
cronString:
type: string
example: 0 9 * * 1
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
description: Workflow Trigger Attributes.
examples:
Event Trigger:
description: Workflow initiated by an event trigger
value:
name: Send Email
owner:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: William Wilson
description: Send an email to the identity who's attributes changed.
definition:
start: Send Email Test
steps:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: action
success:
type: success
enabled: false
trigger:
type: EVENT
attributes:
id: 'idn:identity-attributes-changed'
filter: '$.changes[?(@.attribute == ''manager'')]'
Scheduled Trigger:
description: Workflow initiated by a scheduled trigger
value:
name: Send Email
owner:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: William Wilson
description: Send an email to the identity who's attributes changed.
definition:
start: Send Email Test
steps:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: action
success:
type: success
enabled: false
trigger:
type: SCHEDULED
attributes:
cronString: 0 * */3 */5 *
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
modified:
type: string
format: date-time
description: The date and time the workflow was modified.
example: 2023-12-05T15:18:27.699Z
modifiedBy:
type: object
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
description: Workflow Trigger.
type: object
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
description:
type: string
description: Description of the event trigger
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
cronString:
type: string
example: 0 9 * * 1
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listWorkflows
tags:
- Workflows
summary: List Workflows
description: List all workflows in the tenant.
security:
- UserContextAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflows
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
modified:
type: string
format: date-time
description: The date and time the workflow was modified.
example: 2023-12-05T15:18:27.699Z
modifiedBy:
type: object
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
description: Workflow Trigger.
type: object
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
description:
type: string
description: Description of the event trigger
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
cronString:
type: string
example: 0 9 * * 1
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}':
get:
operationId: getWorkflow
tags:
- Workflows
summary: Get Workflow By Id
description: Get a single workflow by id.
security:
- UserContextAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: The workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
modified:
type: string
format: date-time
description: The date and time the workflow was modified.
example: 2023-12-05T15:18:27.699Z
modifiedBy:
type: object
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
description: Workflow Trigger.
type: object
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
description:
type: string
description: Description of the event trigger
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
cronString:
type: string
example: 0 9 * * 1
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: updateWorkflow
tags:
- Workflows
summary: Update Workflow
description: Perform a full update of a workflow. The updated workflow object is returned in the response.
security:
- UserContextAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the Workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
description: Workflow Trigger.
type: object
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
description:
type: string
description: Description of the event trigger
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
cronString:
type: string
example: 0 9 * * 1
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
description: Workflow Trigger Attributes.
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
modified:
type: string
format: date-time
description: The date and time the workflow was modified.
example: 2023-12-05T15:18:27.699Z
modifiedBy:
type: object
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
description: Workflow Trigger.
type: object
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
description:
type: string
description: Description of the event trigger
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
cronString:
type: string
example: 0 9 * * 1
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchWorkflow
tags:
- Workflows
summary: Patch Workflow
description: 'Partially update an existing Workflow using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.'
security:
- UserContextAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the Workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: true
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Update all patchable fields:
description: Demonstrate how to update each patchable field in one PATCH request.
value:
- op: replace
path: /name
value: Send Email
- op: replace
path: /owner
value:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: William Wilson
- op: replace
path: /description
value: Send an email to the identity who's attributes changed.
- op: replace
path: /enabled
value: false
- op: replace
path: /definition
value:
start: Send Email Test
steps:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: action
success:
type: success
- op: replace
path: /trigger
value:
type: EVENT
attributes:
id: 'idn:identity-attributes-changed'
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
modified:
type: string
format: date-time
description: The date and time the workflow was modified.
example: 2023-12-05T15:18:27.699Z
modifiedBy:
type: object
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
description: Workflow Trigger.
type: object
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
description:
type: string
description: Description of the event trigger
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
cronString:
type: string
example: 0 9 * * 1
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteWorkflow
tags:
- Workflows
summary: Delete Workflow By Id
description: Delete a workflow. **Enabled workflows cannot be deleted**. They must first be disabled.
security:
- UserContextAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the Workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}/test':
post:
operationId: testWorkflow
tags:
- Workflows
summary: Test Workflow By Id
description: |-
Test a workflow with the provided input data. The input data should resemble the input that the trigger will send the workflow. See the [event trigger documentation](https://developer.sailpoint.com/idn/docs/event-triggers/available) for an example input for the trigger that initiates this workflow.
This endpoint will return an execution ID, which can be used to lookup more information about the execution using the `Get a Workflow Execution` endpoint.
**This will cause a live run of the workflow, which could result in unintended modifications to your IDN tenant.**
security:
- UserContextAuth:
- 'sp:workflow-execute:external'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- input
properties:
input:
type: object
description: The test input for the workflow.
examples:
Identity Attributes Changed:
description: Identity Attributes Changed Trigger Input
value:
input:
identity:
id: ee769173319b41d19ccec6cea52f237b
name: john.doe
type: IDENTITY
changes:
- attribute: department
oldValue: sales
newValue: marketing
- attribute: manager
oldValue:
id: ee769173319b41d19ccec6c235423237b
name: nice.guy
type: IDENTITY
newValue:
id: ee769173319b41d19ccec6c235423236c
name: mean.guy
type: IDENTITY
- attribute: email
oldValue: john.doe@hotmail.com
newValue: john.doe@gmail.com
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
type: object
properties:
workflowExecutionId:
type: string
description: The workflow execution id
example: 0e11cefa-96e7-4b67-90d0-065bc1da5753
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}/executions':
get:
operationId: getWorkflowExecutions
tags:
- Workflows
summary: List Workflow Executions
description: |-
Use this API to list a specified workflow's executions. Workflow executions are available for up to 90 days before being archived. By default, you can get a maximum of 250 executions. To get executions past the first 250 records, you can do the following:
1. Use the [Get Workflows](https://developer.sailpoint.com/idn/api/beta/list-workflows) endpoint to get your workflows.
2. Get your workflow ID from the response.
3. You can then do either of the following:
- Filter to find relevant workflow executions.
For example, you can filter for failed workflow executions: `GET /workflows/:workflowID/executions?filters=status eq "Failed"`
- Paginate through results with the `offset` parameter.
For example, you can page through 50 executions per page and use that as a way to get to the records past the first 250.
Refer to [Paginating Results](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results) for more information about the query parameters you can use to achieve pagination.
security:
- UserContextAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Workflow ID.
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: status eq "Failed"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**startTime**: *eq, lt, le, gt, ge*
**status**: *eq*
required: false
responses:
'200':
description: 'List of workflow executions for the specified workflow. '
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Workflow execution ID.
example: b393f4e2-4785-4d7f-ab27-3a6b8ded4c81
workflowId:
type: string
description: Workflow ID.
example: d201c5d9-d37b-4a2f-af14-66414f39d568
requestId:
type: string
description: Backend ID that tracks a workflow request in the system. Provide this ID in a customer support ticket for debugging purposes.
example: 41e12a74fa7b4a6a98ae47887b64acdb
startTime:
type: string
format: date-time
description: Date/time when the workflow started.
example: '2022-02-07T20:13:29.356648026Z'
closeTime:
type: string
format: date-time
description: Date/time when the workflow ended.
example: '2022-02-07T20:13:31.682410165Z'
status:
description: Workflow execution status.
type: string
enum:
- Completed
- Failed
- Canceled
- Executing
example: Completed
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflow-executions/{id}':
get:
operationId: getWorkflowExecution
tags:
- Workflows
summary: Get Workflow Execution
description: 'Use this API to get a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a "404 Not Found" response.'
security:
- UserContextAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Workflow execution ID.
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: Workflow execution.
content:
application/json:
schema:
items:
type: object
properties:
id:
type: string
description: Workflow execution ID.
example: b393f4e2-4785-4d7f-ab27-3a6b8ded4c81
workflowId:
type: string
description: Workflow ID.
example: d201c5d9-d37b-4a2f-af14-66414f39d568
requestId:
type: string
description: Backend ID that tracks a workflow request in the system. Provide this ID in a customer support ticket for debugging purposes.
example: 41e12a74fa7b4a6a98ae47887b64acdb
startTime:
type: string
format: date-time
description: Date/time when the workflow started.
example: '2022-02-07T20:13:29.356648026Z'
closeTime:
type: string
format: date-time
description: Date/time when the workflow ended.
example: '2022-02-07T20:13:31.682410165Z'
status:
description: Workflow execution status.
type: string
enum:
- Completed
- Failed
- Canceled
- Executing
example: Completed
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflow-executions/{id}/history':
get:
operationId: getWorkflowExecutionHistory
tags:
- Workflows
summary: Get Workflow Execution History
description: 'Get a detailed history of a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a 404 Not Found.'
security:
- UserContextAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Id of the workflow execution
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: List of workflow execution events for the given workflow execution
content:
application/json:
schema:
type: array
items:
type: object
properties:
type:
description: The type of event
enum:
- WorkflowExecutionScheduled
- WorkflowExecutionStarted
- WorkflowExecutionCompleted
- WorkflowExecutionFailed
- WorkflowTaskScheduled
- WorkflowTaskStarted
- WorkflowTaskCompleted
- WorkflowTaskFailed
- ActivityTaskScheduled
- ActivityTaskStarted
- ActivityTaskCompleted
- ActivityTaskFailed
example: WorkflowTaskScheduled
timestamp:
type: string
format: date-time
description: The date-time when the event occurred
example: '2022-02-07T20:13:31.640618296Z'
attributes:
type: object
description: Additional attributes associated with the event
example: {}
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflow-executions/{id}/cancel':
post:
operationId: cancelWorkflowExecution
tags:
- Workflows
summary: Cancel Workflow Execution by ID
description: Use this API to cancel a running workflow execution.
security:
- UserContextAuth:
- 'sp:workflow-execute:external'
parameters:
- name: id
in: path
description: The workflow execution ID
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library:
get:
operationId: listCompleteWorkflowLibrary
tags:
- Workflows
summary: List Complete Workflow Library
description: 'This lists all triggers, actions, and operators in the library'
externalDocs:
description: Additional documentation for workflows
url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
security:
- UserContextAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow steps
content:
application/json:
schema:
type: array
items:
anyOf:
- title: Workflow Action
type: object
properties:
id:
type: string
description: Action ID. This is a static namespaced ID for the action
example: 'sp:create-campaign'
name:
type: string
description: Action Name
example: Create Certification Campaign
type:
type: string
description: Action type
example: ACTION
description:
type: string
description: Action Description
example: Generates a certification campaign.
formFields:
nullable: true
type: array
description: One or more inputs that the action accepts
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
exampleOutput:
oneOf:
- type: object
description: Example output
- type: array
items:
type: object
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
versionNumber:
type: integer
description: Version number
isSimulationEnabled:
type: boolean
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
outputSchema:
type: object
description: 'Defines the output schema, if any, that this action produces.'
example:
definitions: {}
properties:
autoRevokeAllowed:
$id: '#sp:create-campaign/autoRevokeAllowed'
default: true
examples:
- false
title: autoRevokeAllowed
type: boolean
deadline:
$id: '#sp:create-campaign/deadline'
default: ''
examples:
- '2020-12-25T06:00:00.468Z'
format: date-time
pattern: ^.*$
title: deadline
type: string
description:
$id: '#sp:create-campaign/description'
default: ''
examples:
- A review of everyone's access by their manager.
pattern: ^.*$
title: description
type: string
emailNotificationEnabled:
$id: '#sp:create-campaign/emailNotificationEnabled'
default: true
examples:
- false
title: emailNotificationEnabled
type: boolean
filter:
$id: '#sp:create-campaign/filter'
properties:
id:
$id: '#sp:create-campaign/filter/id'
default: ''
examples:
- e0adaae69852e8fe8b8a3d48e5ce757c
pattern: ^.*$
title: id
type: string
type:
$id: '#sp:create-campaign/filter/type'
default: ''
examples:
- CAMPAIGN_FILTER
pattern: ^.*$
title: type
type: string
title: filter
type: object
id:
$id: '#sp:create-campaign/id'
default: ''
examples:
- 2c918086719eec070171a7e3355a360a
pattern: ^.*$
title: id
type: string
name:
$id: '#sp:create-campaign/name'
default: ''
examples:
- Manager Review
pattern: ^.*$
title: name
type: string
recommendationsEnabled:
$id: '#sp:create-campaign/recommendationsEnabled'
default: true
examples:
- false
title: recommendationEnabled
type: boolean
type:
$id: '#sp:create-campaign/type'
default: ''
examples:
- MANAGER
pattern: ^.*$
title: type
type: string
title: 'sp:create-campaign'
type: object
- title: Workflow Trigger
type: object
properties:
id:
type: string
description: Trigger ID. This is a static namespaced ID for the trigger.
example: 'idn:identity-attributes-changed'
type:
description: Trigger type
type: string
enum:
- EVENT
- SCHEDULED
- EXTERNAL
example: EVENT
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
isSimulationEnabled:
type: boolean
outputSchema:
type: object
description: Example output schema
name:
type: string
description: Trigger Name
example: Identity Attributes Changed
description:
type: string
description: Trigger Description
example: One or more identity attributes changed.
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
inputExample:
type: object
description: Example trigger payload if applicable
nullable: true
externalDocs:
description: List of triggers and their input schemas
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/available'
example:
changes:
- attribute: department
newValue: marketing
oldValue: sales
- attribute: manager
newValue:
id: ee769173319b41d19ccec6c235423236c
name: mean.guy
type: IDENTITY
oldValue:
id: ee769173319b41d19ccec6c235423237b
name: nice.guy
type: IDENTITY
- attribute: email
newValue: john.doe@gmail.com
oldValue: john.doe@hotmail.com
identity:
id: ee769173319b41d19ccec6cea52f237b
name: john.doe
type: IDENTITY
formFields:
type: array
nullable: true
description: One or more inputs that the trigger accepts
example: []
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
- title: Workflow Operator
type: object
properties:
id:
type: string
description: Operator ID.
example: 'sp:compare-boolean'
name:
type: string
description: Operator friendly name
example: Compare Boolean Values
type:
description: Operator type
type: string
example: OPERATOR
description:
type: string
description: Description of the operator
example: Compare two boolean values and decide what happens based on the result.
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
isSimulationEnabled:
type: boolean
formFields:
type: array
nullable: true
description: One or more inputs that the operator accepts
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
example:
- description: Enter the JSONPath to a value from the input to compare to Variable B.
helpText: ''
label: Variable A
name: variableA.$
required: true
type: text
- helpText: Select an operation.
label: Operation
name: operator
options:
- label: Equals
value: BooleanEquals
required: true
type: select
- description: Enter the JSONPath to a value from the input to compare to Variable A.
helpText: ''
label: Variable B
name: variableB.$
required: false
type: text
- description: Enter True or False.
helpText: ''
label: Variable B
name: variableB
required: false
type: text
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library/actions:
get:
operationId: listWorkflowLibraryActions
tags:
- Workflows
summary: List Workflow Library Actions
description: This lists the workflow actions available to you.
externalDocs:
description: Additional documentation for each action
url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html#actions'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
example: 'id eq "sp:create-campaign"'
security:
- UserContextAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow actions
content:
application/json:
schema:
type: array
items:
title: Workflow Action
type: object
properties:
id:
type: string
description: Action ID. This is a static namespaced ID for the action
example: 'sp:create-campaign'
name:
type: string
description: Action Name
example: Create Certification Campaign
type:
type: string
description: Action type
example: ACTION
description:
type: string
description: Action Description
example: Generates a certification campaign.
formFields:
nullable: true
type: array
description: One or more inputs that the action accepts
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
exampleOutput:
oneOf:
- type: object
description: Example output
- type: array
items:
type: object
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
versionNumber:
type: integer
description: Version number
isSimulationEnabled:
type: boolean
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
outputSchema:
type: object
description: 'Defines the output schema, if any, that this action produces.'
example:
definitions: {}
properties:
autoRevokeAllowed:
$id: '#sp:create-campaign/autoRevokeAllowed'
default: true
examples:
- false
title: autoRevokeAllowed
type: boolean
deadline:
$id: '#sp:create-campaign/deadline'
default: ''
examples:
- '2020-12-25T06:00:00.468Z'
format: date-time
pattern: ^.*$
title: deadline
type: string
description:
$id: '#sp:create-campaign/description'
default: ''
examples:
- A review of everyone's access by their manager.
pattern: ^.*$
title: description
type: string
emailNotificationEnabled:
$id: '#sp:create-campaign/emailNotificationEnabled'
default: true
examples:
- false
title: emailNotificationEnabled
type: boolean
filter:
$id: '#sp:create-campaign/filter'
properties:
id:
$id: '#sp:create-campaign/filter/id'
default: ''
examples:
- e0adaae69852e8fe8b8a3d48e5ce757c
pattern: ^.*$
title: id
type: string
type:
$id: '#sp:create-campaign/filter/type'
default: ''
examples:
- CAMPAIGN_FILTER
pattern: ^.*$
title: type
type: string
title: filter
type: object
id:
$id: '#sp:create-campaign/id'
default: ''
examples:
- 2c918086719eec070171a7e3355a360a
pattern: ^.*$
title: id
type: string
name:
$id: '#sp:create-campaign/name'
default: ''
examples:
- Manager Review
pattern: ^.*$
title: name
type: string
recommendationsEnabled:
$id: '#sp:create-campaign/recommendationsEnabled'
default: true
examples:
- false
title: recommendationEnabled
type: boolean
type:
$id: '#sp:create-campaign/type'
default: ''
examples:
- MANAGER
pattern: ^.*$
title: type
type: string
title: 'sp:create-campaign'
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library/triggers:
get:
operationId: listWorkflowLibraryTriggers
tags:
- Workflows
summary: List Workflow Library Triggers
description: This lists the workflow triggers available to you
externalDocs:
description: Additional documentation for each trigger
url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html#triggers'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
example: 'id eq "idn:identity-attributes-changed"'
security:
- UserContextAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow triggers
content:
application/json:
schema:
type: array
items:
title: Workflow Trigger
type: object
properties:
id:
type: string
description: Trigger ID. This is a static namespaced ID for the trigger.
example: 'idn:identity-attributes-changed'
type:
description: Trigger type
type: string
enum:
- EVENT
- SCHEDULED
- EXTERNAL
example: EVENT
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
isSimulationEnabled:
type: boolean
outputSchema:
type: object
description: Example output schema
name:
type: string
description: Trigger Name
example: Identity Attributes Changed
description:
type: string
description: Trigger Description
example: One or more identity attributes changed.
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
inputExample:
type: object
description: Example trigger payload if applicable
nullable: true
externalDocs:
description: List of triggers and their input schemas
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/available'
example:
changes:
- attribute: department
newValue: marketing
oldValue: sales
- attribute: manager
newValue:
id: ee769173319b41d19ccec6c235423236c
name: mean.guy
type: IDENTITY
oldValue:
id: ee769173319b41d19ccec6c235423237b
name: nice.guy
type: IDENTITY
- attribute: email
newValue: john.doe@gmail.com
oldValue: john.doe@hotmail.com
identity:
id: ee769173319b41d19ccec6cea52f237b
name: john.doe
type: IDENTITY
formFields:
type: array
nullable: true
description: One or more inputs that the trigger accepts
example: []
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library/operators:
get:
operationId: listWorkflowLibraryOperators
tags:
- Workflows
summary: List Workflow Library Operators
description: This lists the workflow operators available to you
security:
- UserContextAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow operators
content:
application/json:
schema:
type: array
items:
title: Workflow Operator
type: object
properties:
id:
type: string
description: Operator ID.
example: 'sp:compare-boolean'
name:
type: string
description: Operator friendly name
example: Compare Boolean Values
type:
description: Operator type
type: string
example: OPERATOR
description:
type: string
description: Description of the operator
example: Compare two boolean values and decide what happens based on the result.
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
isSimulationEnabled:
type: boolean
formFields:
type: array
nullable: true
description: One or more inputs that the operator accepts
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
example:
- description: Enter the JSONPath to a value from the input to compare to Variable B.
helpText: ''
label: Variable A
name: variableA.$
required: true
type: text
- helpText: Select an operation.
label: Operation
name: operator
options:
- label: Equals
value: BooleanEquals
required: true
type: select
- description: Enter the JSONPath to a value from the input to compare to Variable A.
helpText: ''
label: Variable B
name: variableB.$
required: false
type: text
- description: Enter True or False.
helpText: ''
label: Variable B
name: variableB
required: false
type: text
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}/external/oauth-clients':
post:
operationId: postWorkflowExternalTrigger
tags:
- Workflows
summary: Generate External Trigger OAuth Client
description: 'Create OAuth client ID, client secret, and callback URL for use in an external trigger. External triggers will need this information to generate an access token to authenticate to the callback URL and submit a trigger payload that will initiate the workflow.'
security:
- UserContextAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: The OAuth Client object
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: OAuth client ID for the trigger. This is a UUID generated upon creation.
example: 1a58c03a6bf64dc2876f6988c6e2c7b7
secret:
type: string
description: OAuthClient secret.
example: 00cc24a7fe810fe06a7cb38bc168ae104d703c7abb296f9944dc68e69ddb578b
url:
type: string
description: URL for the external trigger to invoke
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c17bea3a-574d-453c-9e04-4365fbf5af0b'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/execute/external/{id}':
post:
operationId: postExternalExecuteWorkflow
tags:
- Workflows
summary: Execute Workflow via External Trigger
description: This endpoint allows a service outside of IdentityNow to initiate a workflow that uses the "External Trigger" step. The external service will invoke this endpoint with the input data it wants to send to the workflow in the body.
security:
- UserContextAuth:
- 'sp:workflow-execute:external'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: false
content:
application/json:
schema:
type: object
properties:
input:
type: object
description: The input for the workflow
example:
customAttribute1: value1
customAttribute2: value2
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
type: object
properties:
workflowExecutionId:
type: string
description: The workflow execution id
example: 0e11cefa-96e7-4b67-90d0-065bc1da5753
message:
type: string
description: An error message if any errors occurred
example: Workflow was not executed externally. Check enabled flag on workflow definition
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/execute/external/{id}/test':
post:
operationId: testExternalExecuteWorkflow
tags:
- Workflows
summary: Test Workflow via External Trigger
description: 'Validate a workflow with an "External Trigger" can receive input. The response includes the input that the workflow received, which can be used to validate that the input is intact when it reaches the workflow.'
security:
- UserContextAuth:
- 'sp:workflow-execute:external'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: false
content:
application/json:
schema:
type: object
properties:
input:
type: object
description: The test input for the workflow
example:
test: hello world
responses:
'200':
description: Responds with the test input
content:
application/json:
schema:
type: object
properties:
payload:
type: object
description: The input that was received
example:
test: hello world
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workgroups:
get:
operationId: listWorkgroups
tags:
- Governance Groups
summary: List Governance Groups
description: This API returns list of Governance Groups
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, sw*
**name**: *eq, sw, in*
**memberships.identityId**: *eq, in*
example: name sw "Test"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified, id, description**
example: 'name,-modified'
required: false
responses:
'200':
description: List of Governance Groups
content:
application/json:
schema:
type: array
items:
type: object
properties:
owner:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- type: object
properties:
displayName:
readOnly: true
description: The display name of the identity
type: string
example: Support
emailAddress:
readOnly: true
description: The primary email address of the identity
type: string
example: support@sailpoint.com
description: Governance group owner.
id:
type: string
description: Governance group ID.
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Governance group name.
example: DB Access Governance Group
description:
type: string
description: Governance group description.
example: Description of the Governance Group
memberCount:
type: integer
format: int64
example: 1641498673000
readOnly: true
description: Number of members in the governance group.
connectionCount:
type: integer
format: int64
example: 1641498673000
description: Number of connections in the governance group.
readOnly: true
created:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
modified:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:workgroup:read'
post:
operationId: createWorkgroup
security:
- UserContextAuth:
- 'idn:workgroup:write'
tags:
- Governance Groups
summary: Create a new Governance Group.
description: This API creates a new Governance Group.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
owner:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- type: object
properties:
displayName:
readOnly: true
description: The display name of the identity
type: string
example: Support
emailAddress:
readOnly: true
description: The primary email address of the identity
type: string
example: support@sailpoint.com
description: Governance group owner.
id:
type: string
description: Governance group ID.
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Governance group name.
example: DB Access Governance Group
description:
type: string
description: Governance group description.
example: Description of the Governance Group
memberCount:
type: integer
format: int64
example: 1641498673000
readOnly: true
description: Number of members in the governance group.
connectionCount:
type: integer
format: int64
example: 1641498673000
description: Number of connections in the governance group.
readOnly: true
created:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
modified:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
responses:
'200':
description: Governance Group object created.
content:
application/json:
schema:
type: object
properties:
owner:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- type: object
properties:
displayName:
readOnly: true
description: The display name of the identity
type: string
example: Support
emailAddress:
readOnly: true
description: The primary email address of the identity
type: string
example: support@sailpoint.com
description: Governance group owner.
id:
type: string
description: Governance group ID.
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Governance group name.
example: DB Access Governance Group
description:
type: string
description: Governance group description.
example: Description of the Governance Group
memberCount:
type: integer
format: int64
example: 1641498673000
readOnly: true
description: Number of members in the governance group.
connectionCount:
type: integer
format: int64
example: 1641498673000
description: Number of connections in the governance group.
readOnly: true
created:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
modified:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workgroups/{id}':
get:
operationId: getWorkgroup
tags:
- Governance Groups
summary: Get Governance Group by Id
description: This API returns a Governance Groups by its ID.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Governance Group
example: 2c9180837ca6693d017ca8d097500149
responses:
'200':
description: A Governance Group
content:
application/json:
schema:
type: object
properties:
owner:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- type: object
properties:
displayName:
readOnly: true
description: The display name of the identity
type: string
example: Support
emailAddress:
readOnly: true
description: The primary email address of the identity
type: string
example: support@sailpoint.com
description: Governance group owner.
id:
type: string
description: Governance group ID.
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Governance group name.
example: DB Access Governance Group
description:
type: string
description: Governance group description.
example: Description of the Governance Group
memberCount:
type: integer
format: int64
example: 1641498673000
readOnly: true
description: Number of members in the governance group.
connectionCount:
type: integer
format: int64
example: 1641498673000
description: Number of connections in the governance group.
readOnly: true
created:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
modified:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:workgroup:read'
delete:
operationId: deleteWorkgroup
tags:
- Governance Groups
summary: Delete a Governance Group
description: This API deletes a Governance Group by its ID.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Governance Group
example: 2c9180837ca6693d017ca8d097500149
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:workgroup:write'
patch:
operationId: patchWorkgroup
tags:
- Governance Groups
summary: Patch a Governance Group
description: |-
This API updates an existing governance group by ID.
The following fields and objects are patchable:
* name
* description
* owner
A token with API or ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Governance Group
example: 2c9180837ca6693d017ca8d097500149
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Replace Description:
description: Replace description of a Governance Group.
value:
- op: replace
path: /description
value: Governance Group new description.
responses:
'200':
description: A Governance Group.
content:
application/json:
schema:
type: object
properties:
owner:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- type: object
properties:
displayName:
readOnly: true
description: The display name of the identity
type: string
example: Support
emailAddress:
readOnly: true
description: The primary email address of the identity
type: string
example: support@sailpoint.com
description: Governance group owner.
id:
type: string
description: Governance group ID.
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Governance group name.
example: DB Access Governance Group
description:
type: string
description: Governance group description.
example: Description of the Governance Group
memberCount:
type: integer
format: int64
example: 1641498673000
readOnly: true
description: Number of members in the governance group.
connectionCount:
type: integer
format: int64
example: 1641498673000
description: Number of connections in the governance group.
readOnly: true
created:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
modified:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:workgroup:write'
/workgroups/bulk-delete:
post:
operationId: deleteWorkgroupsInBulk
summary: Delete Governance Group(s)
tags:
- Governance Groups
description: |-
This API initiates a bulk deletion of one or more Governance Groups.
> If any of the indicated Governance Groups have one or more connections associated with it,then those Governance Groups will be added in **inUse** list of the response. Governance Group(s) marked as **inUse** can not be deleted.
> If any of the indicated Governance Groups is not does not exists in Organization,then those Governance Groups will be added in **notFound** list of the response. Governance Groups marked as **notFound** will not be deleted.
> If any of the indicated Governance Groups does not have any connections associated with it,then those Governance Groups will be added in **deleted** list of the response. A Governance Group marked as **deleted** will be deleted from current Organization.
> If the request contains any **inUse** or **notFound** Governance Group IDs then it skips only these Governance Groups for deletion and deletes the rest of Governance Groups which have no connections associated with it.
> **This API has limit number of Governance Groups can be deleted at one time. If the request contains more then 100 Governance Groups IDs to be deleted then the API will throw an exception.**
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: List of IDs of Governance Groups to be deleted.
type: array
items:
type: string
example:
- 567a697e-885b-495a-afc5-d55e1c23a302
- c7b0f7b2-1e78-4063-b294-a555333dacd2
example:
ids:
- 567a697e-885b-495a-afc5-d55e1c23a302
- c7b0f7b2-1e78-4063-b294-a555333dacd2
responses:
'207':
description: Governance Group bulk delete response.
content:
application/json:
schema:
description: Bulk remove Governance Groups Response.
type: array
items:
type: object
properties:
id:
description: Id of the Governance Group.
type: string
example: 464ae7bf791e49fdb74606a2e4a89635
status:
type: string
description: |
The HTTP response status code returned for an individual Governance Group that is requested for deletion during a bulk delete operation.
> 204 - Governance Group deleted successfully.
> 409 - Governance Group is in use,hence can not be deleted.
> 404 - Governance Group not found.
example: 204
description:
description: |
Human readable status description and containing additional context information about success or failures etc.
example: |
> Governance Group deleted successfully.
> Unable to delete Governance Group f80bba83-98c4-4ec2-81c8-373c00e9663b because it is in use.
> Referenced Governance Group 2b711763-ed35-42a2-a80c-8f1ce0dc4a7f was not found.
type: string
required:
- id
- status
example:
- id: 464ae7bf791e49fdb74606a2e4a89635
status: '204'
description: Governance Group deleted successfully.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:workgroup:write'
'/workgroups/{workgroupId}/connections':
get:
operationId: listConnections
tags:
- Governance Groups
summary: List connections for Governance Group
description: This API returns list of connections associated with a Governance Group.
parameters:
- name: workgroupId
in: path
description: ID of the Governance Group.
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
responses:
'200':
description: List all connections associated with a Governance Group.
content:
application/json:
schema:
type: array
items:
type: object
properties:
object:
description: Connected object to Governance Group
type: object
properties:
type:
description: Connection Object type
type: string
enum:
- ACCESS_PROFILE
- ROLE
- SOD_POLICY
- SOURCE
example: ACCESS_PROFILE
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable name of Connected object
example: Employee-database-read-write
description:
type: string
description: Description of the Connected object.
example: Collection of entitlements to read/write the employee database.
connectionType:
description: Connection Type.
type: string
enum:
- AccessRequestReviewer
- Owner
- ManagementWorkgroup
example: AccessRequestReviewer
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:workgroup:read'
'/workgroups/{workgroupId}/members':
get:
operationId: listWorkgroupMembers
tags:
- Governance Groups
summary: List Governance Group Members
description: This API returns list of members associated with a Governance Group.
parameters:
- name: workgroupId
in: path
description: ID of the Governance Group.
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
responses:
'200':
description: List all members associated with a Governance Group.
content:
application/json:
schema:
type: array
items:
type: object
description: Identity of workgroup member.
properties:
type:
type: string
description: Workgroup member identity DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workgroup member identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workgroup member identity display name.
example: Michael Michaels
email:
type: string
description: Workgroup member identity email.
example: michael.michaels@sailpoint.com
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:workgroup:read'
'/workgroups/{workgroupId}/members/bulk-add':
post:
operationId: updateWorkgroupMembers
security:
- UserContextAuth:
- 'idn:workgroup:write'
tags:
- Governance Groups
summary: Add members to Governance Group
description: |-
This API adds one or more members to a Governance Group. A token with API, ORG_ADMIN authority is required to call this API.
> **Following field of Identity is an optional field in the request.**
> **name**
parameters:
- name: workgroupId
in: path
description: ID of the Governance Group.
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
requestBody:
description: List of identities to be added to a Governance Group members list.
required: true
content:
application/json:
schema:
description: List of identities to be added or removed to a Governance Group members list.
type: array
items:
type: object
description: Identity's basic details.
properties:
type:
type: string
description: Identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Identity's display name.
example: Michael Michaels
example:
- type: IDENTITY
id: 464ae7bf791e49fdb74606a2e4a89635
name: Addie Smith
responses:
'207':
description: List of added and not added identities into Governance Group members list.
content:
application/json:
schema:
description: Bulk add Governance Group members Response.
type: array
items:
type: object
properties:
id:
description: Identifier of identity in bulk member add request.
type: string
example: 464ae7bf791e49fdb74606a2e4a89635
status:
description: |
The HTTP response status code returned for an individual member that is requested for addition during a bulk add operation.
The HTTP response status code returned for an individual Governance Group is requested for deletion.
> 201 - Identity is added into Governance Group members list.
> 409 - Identity is already member of Governance Group.
type: string
example: '201'
description:
description: |
Human readable status description and containing additional context information about success or failures etc.
type: string
example: |
> Identity is added into Governance Group members list.
> Unable to set Membership of Identity "3244d5f2d04447498520f54c6789ae33" to Governance Group "f80bba83-98c4-4ec2-81c8-373c00e9663b"; the relationship already exists.
required:
- id
- status
example:
- id: 464ae7bf791e49fdb74606a2e4a89635
status: '201'
description: Identity added to Governance Group members list.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workgroups/{workgroupId}/members/bulk-delete':
post:
operationId: deleteWorkgroupMembers
security:
- UserContextAuth:
- 'idn:workgroup:write'
tags:
- Governance Groups
summary: Remove members from Governance Group
description: |-
This API removes one or more members from a Governance Group. A token with API, ORG_ADMIN authority is required to call this API.
> **Following field of Identity is an optional field in the request.**
> **name**
parameters:
- name: workgroupId
in: path
description: ID of the Governance Group.
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
requestBody:
description: List of identities to be removed from a Governance Group members list.
required: true
content:
application/json:
schema:
description: List of identities to be added or removed to a Governance Group members list.
type: array
items:
type: object
description: Identity's basic details.
properties:
type:
type: string
description: Identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Identity's display name.
example: Michael Michaels
example:
- type: IDENTITY
id: 464ae7bf791e49fdb74606a2e4a89635
name: Addie Smith
responses:
'207':
description: List of deleted and not deleted identities from Governance Group members list.
content:
application/json:
schema:
description: Bulk add Governance Group members Response.
type: array
items:
type: object
properties:
id:
description: Identifier of identity in bulk member add /remove request.
type: string
example: 464ae7bf791e49fdb74606a2e4a89635
status:
description: |
The HTTP response status code returned for an individual member that is requested for deletion during a bulk delete operation.
> 204 - Identity is removed from Governance Group members list.
> 404 - Identity is not member of Governance Group.
type: string
example: '204'
description:
description: |
Human readable status description and containing additional context information about success or failures etc.
type: string
example: |
> Identity deleted from Governance Group members list.
> Referenced Governance Group Member with Identity Id "bc3a744678534eb78a8002ee2085df64" was not found.
required:
- id
- status
example:
- id: 464ae7bf791e49fdb74606a2e4a89635
status: '204'
description: Identity deleted from Governance Group members list.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/form-definitions:
get:
tags:
- Custom Forms
summary: Export form definitions by tenant.
description: No parameters required.
operationId: searchFormDefinitionsByTenant
parameters:
- name: offset
in: query
description: |-
Offset
Integer specifying the offset of the first result from the beginning of the collection. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
The offset value is record-based, not page-based, and the index starts at 0.
schema:
type: integer
format: int64
default: 0
example: 250
required: false
- name: limit
in: query
description: |-
Limit
Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
If it is not specified, a default limit is used.
schema:
type: integer
format: int64
maxLength: 250
minLength: 0
default: 250
example: 250
required: false
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *eq, gt, sw, in*
**description**: *eq, gt, sw, in*
**created**: *eq, gt, sw, in*
**modified**: *eq, gt, sw, in*
schema:
type: string
example: name sw "my form"
required: false
- name: sorters
in: query
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, description, created, modified**
schema:
type: string
default: name
example: name
required: false
responses:
'200':
description: Returns a list of form definitions by tenant
content:
application/json:
schema:
properties:
count:
description: Count number of results.
example: 1
format: int64
type: integer
results:
description: List of FormDefinitionResponse items.
items:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
type: object
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
statusCode:
type: integer
format: int64
trackingId:
type: string
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
statusCode:
type: integer
format: int64
trackingId:
type: string
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
statusCode:
type: integer
format: int64
trackingId:
type: string
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
statusCode:
type: integer
format: int64
trackingId:
type: string
security:
- UserContextAuth:
- 'sp:forms:manage'
post:
tags:
- Custom Forms
summary: Creates a form definition.
operationId: createFormDefinition
requestBody:
description: Body is the request payload to create form definition request
content:
application/json:
schema:
properties:
description:
description: Description is the form definition description
example: My form description
maxLength: 2000
minLength: 0
type: string
x-go-name: Description
formConditions:
description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
formElements:
description: FormElements is a list of nested form elements
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formInput:
description: FormInput is a list of form inputs that are required when creating a form-instance object
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
name:
description: Name is the form definition name
example: My form
maxLength: 255
type: string
x-go-name: Name
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: UsedBy is a list of objects where when any system uses a particular form it reaches out to the form service to record it is currently being used
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
required:
- name
- owner
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
example:
name: my form
description: my form description
owner:
type: IDENTITY
id: 00000000-0000-0000-0000-000000000000
formElements:
- id: '000000000000'
elementType: SECTION
config:
alignment: LEFT
description: 'elementType must be ''SECTION'' for the root formElements, child formElements must be within the ''config'' attribute'
label: Section
labelStyle: h2
showLabel: true
formElements:
- id: '0000000000000'
key: textField
elementType: TEXT
config:
default: ''
description: ''
helpText: form element type text
label: Text Field
placeholder: ''
required: false
validations: []
required: false
responses:
'201':
description: Returns a new form definition
content:
application/json:
schema:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
statusCode:
type: integer
format: int64
trackingId:
type: string
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
statusCode:
type: integer
format: int64
trackingId:
type: string
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
statusCode:
type: integer
format: int64
trackingId:
type: string
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
statusCode:
type: integer
format: int64
trackingId:
type: string
security:
- UserContextAuth:
- 'sp:forms:manage'
'/form-definitions/{formDefinitionID}':
get:
tags:
- Custom Forms
summary: Return a form definition.
description: 'Parameter `{formDefinitionID}` should match a form definition ID.'
operationId: getFormDefinitionByKey
parameters:
- name: formDefinitionID
in: path
description: Form definition ID
required: true
schema:
type: string
x-go-name: FormDefinitionID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormDefinitionID
responses:
'200':
description: Returns a form definition
content:
application/json:
schema:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
delete:
tags:
- Custom Forms
summary: Deletes a form definition.
description: 'Parameter `{formDefinitionID}` should match a form definition ID.'
operationId: deleteFormDefinition
parameters:
- name: formDefinitionID
in: path
description: Form definition ID
required: true
schema:
type: string
x-go-name: FormDefinitionID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormDefinitionID
responses:
'204':
description: Returns an empty body
content:
application/json:
schema:
title: Nil represents the predeclared value nil.
type: object
x-go-package: go/types
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
patch:
tags:
- Custom Forms
summary: Patch a form definition.
description: 'Parameter `{formDefinitionID}` should match a form definition ID.'
operationId: patchFormDefinition
parameters:
- name: formDefinitionID
in: path
description: Form definition ID
required: true
schema:
type: string
x-go-name: FormDefinitionID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormDefinitionID
requestBody:
description: 'Body is the request payload to patch a form definition, check: https://jsonpatch.com'
content:
application/json:
schema:
title: Patch is an ordered collection of Operations.
description: Patch is an ordered collection of Operations.
type: array
example:
- op: replace
path: /description
value: a new description
items:
title: 'Operation is a single JSON-Patch step, such as a single ''add'' operation.'
type: object
additionalProperties:
type: object
properties: {}
x-go-package: github.com/evanphx/json-patch
x-go-package: github.com/evanphx/json-patch
example:
- op: replace
path: /description
value: test-description
required: false
responses:
'200':
description: Returns the form definition updated
content:
application/json:
schema:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
'/form-definitions/{formDefinitionID}/data-source':
post:
tags:
- Custom Forms
summary: Preview form definition data source.
operationId: showPreviewDataSource
parameters:
- name: formDefinitionID
in: path
description: Form definition ID
required: true
schema:
type: string
x-go-name: FormDefinitionID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormDefinitionID
- name: limit
in: query
description: |-
Limit
Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
If it is not specified, a default limit is used.
schema:
type: integer
format: int64
maxLength: 250
minLength: 0
default: 10
x-go-name: Limit
example: 10
required: false
x-go-name: Limit
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**value**: *eq, ne, in*
Supported composite operators: *not*
Only a single *not* may be used, and it can only be used with the `in` operator. The `not` composite operator must be used in front of the field. For example, the following is valid: `not value in ("ID01")`
schema:
type: string
x-go-name: Filters
example: value eq "ID01"
required: false
x-go-name: Filters
- name: query
in: query
description: 'String that is passed to the underlying API to filter other (non-ID) fields. For example, for access profile data sources, this string will be passed to the access profile api and used with a "starts with" filter against several fields.'
schema:
type: string
x-go-name: Query
example: ac
required: false
x-go-name: Query
requestBody:
description: Body is the request payload to create a form definition dynamic schema
content:
application/json:
schema:
properties:
dataSource:
properties:
config:
properties:
aggregationBucketField:
description: AggregationBucketField is the aggregation bucket field name
example: attributes.cloudStatus.exact
type: string
x-go-name: AggregationBucketField
indices:
description: Indices is a list of indices to use
example:
- identities
items:
enum:
- accessprofiles
- accountactivities
- entitlements
- identities
- events
- roles
- '*'
type: string
x-go-enum-desc: |-
accessprofiles SearchIndexAccessProfiles
accountactivities SearchIndexAccountActivities
entitlements SearchIndexEntitlements
identities SearchIndexIdentities
events SearchIndexEvents
roles SearchIndexRoles
* SearchIndexWildcard
type: array
x-go-name: Indices
objectType:
description: |-
ObjectType is a PreDefinedSelectOption value
IDENTITY PreDefinedSelectOptionIdentity
ACCESS_PROFILE PreDefinedSelectOptionAccessProfile
SOURCES PreDefinedSelectOptionSources
ROLE PreDefinedSelectOptionRole
ENTITLEMENT PreDefinedSelectOptionEntitlement
enum:
- IDENTITY
- ACCESS_PROFILE
- SOURCES
- ROLE
- ENTITLEMENT
example: IDENTITY
type: string
x-go-enum-desc: |-
IDENTITY PreDefinedSelectOptionIdentity
ACCESS_PROFILE PreDefinedSelectOptionAccessProfile
SOURCES PreDefinedSelectOptionSources
ROLE PreDefinedSelectOptionRole
ENTITLEMENT PreDefinedSelectOptionEntitlement
x-go-name: ObjectType
query:
description: Query is a text
example: '*'
type: string
x-go-name: Query
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
dataSourceType:
description: |-
DataSourceType is a FormElementDataSourceType value
STATIC FormElementDataSourceTypeStatic
INTERNAL FormElementDataSourceTypeInternal
SEARCH FormElementDataSourceTypeSearch
enum:
- STATIC
- INTERNAL
- SEARCH
example: STATIC
type: string
x-go-enum-desc: |-
STATIC FormElementDataSourceTypeStatic
INTERNAL FormElementDataSourceTypeInternal
SEARCH FormElementDataSourceTypeSearch
x-go-name: DataSourceType
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
required: false
responses:
'200':
description: Returns a preview of a form definition data source
content:
application/json:
schema:
description: 'PreviewDataSourceResponse is the response sent by /form-definitions/{formDefinitionID}/data-source endpoint'
properties:
results:
description: Results holds a list of FormElementDataSourceConfigOptions items
example: '{"results":[{"label":"Alfred 255e71dfc6e","subLabel":"Alfred.255e71dfc6e@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16676"},{"label":"Alize eba9d4cd27da","subLabel":"Alize.eba9d4cd27da@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f1667c"},{"label":"Antonina 01f69c3ea","subLabel":"Antonina.01f69c3ea@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f9667e"},{"label":"Ardella 21e78ce155","subLabel":"Ardella.21e78ce155@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e6667a"},{"label":"Arnaldo d8582b6e17","subLabel":"Arnaldo.d8582b6e17@testmail.identitysoon.com","value":"2c918084821847c5018227ced3426686"},{"label":"Aurelia admin24828","subLabel":"Aurelia.admin24828@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16674"},{"label":"Barbara 72ca418fdd","subLabel":"Barbara.72ca418fdd@testmail.identitysoon.com","value":"2c918084821847c5018227ced2fb6680"},{"label":"Barbara ee1a2436ee","subLabel":"Barbara.ee1a2436ee@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e56678"},{"label":"Baylee 652d72432f3","subLabel":"Baylee.652d72432f3@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aee"},{"label":"Brock e76b56ae4d49","subLabel":"Brock.e76b56ae4d49@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aef"}]}'
items:
type: object
properties:
label:
description: Label is the main label to display to the user when selecting this option
type: string
example: regression-test-access-request-07c55dd6-3056-430a-86b5-fccc395bb6c5
x-go-name: Label
subLabel:
description: SubLabel is the sub label to display below the label in diminutive styling to help describe or identify this option
type: string
example: ''
x-go-name: SubLabel
value:
description: Value is the value to save as an entry when the user selects this option
type: string
example: e96674448eba4ca1ba04eee999a8f3cd
x-go-name: Value
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Results
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
/form-definitions/export:
get:
tags:
- Custom Forms
summary: List form definitions by tenant.
description: No parameters required.
operationId: exportFormDefinitionsByTenant
parameters:
- name: offset
in: query
description: |-
Offset
Integer specifying the offset of the first result from the beginning of the collection. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
The offset value is record-based, not page-based, and the index starts at 0.
schema:
type: integer
format: int64
default: 0
x-go-name: Offset
example: 0
required: false
x-go-name: Offset
- name: limit
in: query
description: |-
Limit
Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
If it is not specified, a default limit is used.
schema:
type: integer
format: int64
maxLength: 250
minLength: 0
default: 250
x-go-name: Limit
example: 250
required: false
x-go-name: Limit
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *eq, gt, sw, in*
**description**: *eq, gt, sw, in*
**created**: *eq, gt, sw, in*
**modified**: *eq, gt, sw, in*
schema:
type: string
x-go-name: Filters
example: name sw "my form"
required: false
x-go-name: Filters
- name: sorters
in: query
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, description, created, modified**
schema:
type: string
default: name
x-go-name: Sorters
example: name
required: false
x-go-name: Sorters
responses:
'200':
description: Returns a list of form definition objects by tenant used by SP-Config
content:
application/json:
schema:
type: array
items:
type: object
properties:
object:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
self:
type: object
description: Self block for imported/exported object.
properties:
type:
type: string
description: Imported/exported object's DTO type.
enum:
- FORM_DEFINITION
example: FORM_DEFINITION
id:
type: string
description: Imported/exported object's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Imported/exported object's display name.
example: Temporary User Level Permissions - Requester
version:
type: integer
x-go-name: Version
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
/form-definitions/forms-action-dynamic-schema:
post:
tags:
- Custom Forms
summary: Generate JSON Schema dynamically.
operationId: createFormDefinitionDynamicSchema
requestBody:
description: Body is the request payload to create a form definition dynamic schema
content:
application/json:
schema:
properties:
attributes:
properties:
formDefinitionId:
description: FormDefinitionID is a unique guid identifying this form definition
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
type: object
x-go-name: Attributes
description:
description: Description is the form definition dynamic schema description text
example: A description
type: string
x-go-name: Description
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: Type is the form definition dynamic schema type
example: action
type: string
x-go-name: Type
versionNumber:
description: VersionNumber is the form definition dynamic schema version number
example: 1
format: int64
type: integer
x-go-name: VersionNumber
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
example:
id: 'sp:forms'
attributes:
formDefinitionId: 00000000-0000-0000-0000-000000000000
description: AnotherDescription
type: action
versionNumber: 1
required: false
responses:
'200':
description: Returns a form elements dynamic schema
content:
application/json:
schema:
properties:
outputSchema:
additionalProperties: {}
description: OutputSchema holds a JSON schema generated dynamically
example:
outputSchema:
$schema: 'https://json-schema.org/draft/2020-12/schema'
additionalProperties: false
properties:
firstName:
title: First Name
type: string
fullName:
title: Full Name
type: string
lastName:
title: Last Name
type: string
startDate:
format: date-time
title: Start Date
type: string
type: object
type: object
x-go-name: OutputSchema
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
/form-definitions/import:
post:
tags:
- Custom Forms
summary: Import form definitions from export.
operationId: importFormDefinitions
requestBody:
description: Body is the request payload to import form definitions
content:
application/json:
schema:
type: array
items:
type: object
properties:
object:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
self:
type: string
x-go-name: Self
version:
type: integer
x-go-name: Version
example:
- version: 1
self:
name: All fields not required
id: 05ed4edb-d0a9-41d9-ad0c-2f6e486ec4aa
type: FORM_DEFINITION
object:
id: 05ed4edb-d0a9-41d9-ad0c-2f6e486ec4aa
name: All fields not required
description: description
owner:
type: IDENTITY
id: 3447d8ec2602455ab6f1e8408a0f0150
usedBy:
- type: WORKFLOW
id: 5008594c-dacc-4295-8fee-41df60477304
- type: WORKFLOW
id: 97e75a75-c179-4fbc-a2da-b5fa4aaa8743
formInput:
- type: STRING
label: input1
description: 'A single dynamic scalar value (i.e. number, string, date, etc) that can be passed into the form for use in conditional logic'
formElements:
- id: '3069272797630701'
elementType: SECTION
config:
label: First Section
formElements:
- id: '3069272797630700'
elementType: TEXT
key: firstName
config:
label: First Name
- id: '3498415402897539'
elementType: TEXT
key: lastName
config:
label: Last Name
formConditions:
- ruleOperator: AND
rules:
- sourceType: INPUT
source: Department
operator: EQ
valueType: STRING
value: Sales
effects:
- effectType: HIDE
config:
element: '2614088730489570'
created: '2022-10-04T19:27:04.456Z'
modified: '2022-11-16T20:45:02.172Z'
required: false
responses:
'202':
description: Returns statuses of those form definition objects imported
content:
application/json:
schema:
type: object
properties:
errors:
type: array
items:
type: object
properties:
detail:
type: object
additionalProperties:
type: object
x-go-name: Detail
key:
type: string
x-go-name: Key
text:
type: string
x-go-name: Text
x-go-name: Errors
importedObjects:
type: array
items:
type: object
properties:
object:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
self:
type: object
description: Self block for imported/exported object.
properties:
type:
type: string
description: Imported/exported object's DTO type.
enum:
- FORM_DEFINITION
example: FORM_DEFINITION
id:
type: string
description: Imported/exported object's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Imported/exported object's display name.
example: Temporary User Level Permissions - Requester
version:
type: integer
x-go-name: Version
x-go-name: ImportedObjects
infos:
type: array
items:
type: object
properties:
detail:
type: object
additionalProperties:
type: object
x-go-name: Detail
key:
type: string
x-go-name: Key
text:
type: string
x-go-name: Text
x-go-name: Infos
warnings:
type: array
items:
type: object
properties:
detail:
type: object
additionalProperties:
type: object
x-go-name: Detail
key:
type: string
x-go-name: Key
text:
type: string
x-go-name: Text
x-go-name: Warnings
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
'/form-definitions/{formDefinitionID}/upload':
post:
tags:
- Custom Forms
summary: Upload new form definition file.
description: 'Parameter `{formDefinitionID}` should match a form definition ID.'
operationId: createFormDefinitionFileRequest
parameters:
- name: formDefinitionID
in: path
description: |-
FormDefinitionID
String specifying FormDefinitionID
required: true
example: 00000000-0000-0000-0000-000000000000
schema:
type: string
x-go-name: FormDefinitionID
x-go-name: FormDefinitionID
requestBody:
content:
multipart/form-data:
schema:
type: object
required:
- file
properties:
file:
type: string
description: File specifying the multipart
format: binary
x-go-name: File
encoding:
file:
contentType: 'image/png, image/jpeg'
required: true
responses:
'201':
description: Returns a new form definition file
content:
application/json:
schema:
type: object
properties:
created:
type: string
description: Created is the date the file was uploaded
example: 2023-07-12T20:14:57.744Z
x-go-name: Created
fileId:
type: string
description: fileId is a unique ULID that serves as an identifier for the form definition file
example: 01FHZXHK8PTP9FVK99Z66GXQTX.png
x-go-name: FileID
formDefinitionId:
type: string
description: FormDefinitionID is a unique guid identifying this form definition
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormDefinitionID
x-go-package: github.com/sailpoint/sp-forms/internal/rest/response
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'413':
description: An error with payload size too large
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'415':
description: An error with unsupported media type
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'503':
description: An external service is not available
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
'/form-definitions/{formDefinitionID}/file/{fileID}':
get:
tags:
- Custom Forms
summary: Download definition file by fileId.
operationId: getFileFromS3
parameters:
- name: formDefinitionID
in: path
description: |-
FormDefinitionID
Form definition ID
required: true
example: 00000000-0000-0000-0000-000000000000
schema:
type: string
x-go-name: FormDefinitionID
x-go-name: FormDefinitionID
- name: fileID
in: path
description: |-
FileID
String specifying the hashed name of the uploaded file we are retrieving.
required: true
example: 00000031N0J7R2B57M8YG73J7M.png
schema:
type: string
x-go-name: FileID
x-go-name: FileID
responses:
'200':
description: Returns a file that is referred to by fileID and associated with the formDefinitionID
content:
application/json:
schema:
type: string
format: binary
image/jpeg:
schema:
type: string
format: binary
image/png:
schema:
type: string
format: binary
application/octet-stream:
schema:
type: string
format: binary
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'503':
description: An external service is not available
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
/form-instances:
get:
tags:
- Custom Forms
summary: List form instances by tenant.
description: No parameters required.
operationId: searchFormInstancesByTenant
responses:
'200':
description: Returns a list of form instances by tenant
content:
application/json:
schema:
type: array
items:
properties:
created:
description: Created is the date the form instance was assigned
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
createdBy:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a form instance created by type enum value
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
enum:
- WORKFLOW_EXECUTION
- SOURCE
example: WORKFLOW_EXECUTION
type: string
x-go-enum-desc: |-
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
expire:
description: Expire is the maximum amount of time that a form can be in progress. After this time is reached then the form will be moved to a CANCELED state automatically. The user will no longer be able to complete the submission. When a form instance is expires an audit log will be generated for that record
example: '2023-08-12T20:14:57.74486Z'
type: string
x-go-name: Expire
formConditions:
description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
formData:
additionalProperties: {}
description: FormData is the data provided by the form on submit. The data is in a key -> value map
example:
department: Engineering
type: object
x-go-name: FormData
formDefinitionId:
description: FormDefinitionID is the id of the form definition that created this form
example: 49841cb8-00a5-4fbd-9888-8bbb28d48331
type: string
x-go-name: FormDefinitionID
formElements:
description: 'FormElements is the configuration of the form, this would be a repeat of the fields from the form-config'
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formErrors:
description: FormErrors is an array of form validation errors from the last time the form instance was transitioned to the SUBMITTED state. If the form instance had validation errors then it would be moved to the IN PROGRESS state where the client can retrieve these errors
items:
properties:
key:
description: Key is the technical key
example: department
type: string
x-go-name: Key
messages:
description: Messages is a list of web.ErrorMessage items
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
type: array
x-go-name: Messages
value:
description: Value is the value associated with a Key
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormErrors
formInput:
additionalProperties: {}
nullable: true
description: FormInput is an object of form input labels to value
example:
input1: Sales
type: object
x-go-name: FormInput
id:
description: Unique guid identifying this form instance
example: 06a2d961-07fa-44d1-8d0a-2f6470e30fd2
type: string
x-go-name: FormInstanceID
modified:
description: Modified is the last date the form instance was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
recipients:
description: Recipients references to the recipient of a form. The recipients are those who are responsible for filling out a form and completing it
items:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a FormInstanceRecipientType value
IDENTITY FormInstanceRecipientIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormInstanceRecipientIdentity
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Recipients
standAloneForm:
default: false
description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form
example: false
type: boolean
x-go-name: StandAloneForm
standAloneFormUrl:
description: StandAloneFormURL is the URL where this form may be completed by the designated recipients using the standalone form UI
example: 'https://my-org.identitynow.com/ui/d/forms/00000000-0000-0000-0000-000000000000'
type: string
x-go-name: StandAloneFormURL
state:
description: |-
State the state of the form instance
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
enum:
- ASSIGNED
- IN_PROGRESS
- SUBMITTED
- COMPLETED
- CANCELLED
example: ASSIGNED
type: string
x-go-enum-desc: |-
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
x-go-name: State
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
post:
tags:
- Custom Forms
summary: Creates a form instance.
operationId: createFormInstance
requestBody:
description: Body is the request payload to create a form instance
content:
application/json:
schema:
properties:
createdBy:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a form instance created by type enum value
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
enum:
- WORKFLOW_EXECUTION
- SOURCE
example: WORKFLOW_EXECUTION
type: string
x-go-enum-desc: |-
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
expire:
description: Expire is required
example: '2023-08-12T20:14:57.74486Z'
type: string
x-go-name: Expire
formDefinitionId:
description: FormDefinitionID is the id of the form definition that created this form
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
formInput:
additionalProperties: true
description: FormInput is an object of form input labels to value
example:
input1: Sales
type: object
x-go-name: FormInput
recipients:
description: Recipients is required
items:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a FormInstanceRecipientType value
IDENTITY FormInstanceRecipientIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormInstanceRecipientIdentity
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Recipients
standAloneForm:
default: false
description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form
example: false
type: boolean
x-go-name: StandAloneForm
state:
description: |-
State is required, if not present initial state is FormInstanceStateAssigned
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
enum:
- ASSIGNED
- IN_PROGRESS
- SUBMITTED
- COMPLETED
- CANCELLED
example: ASSIGNED
type: string
x-go-enum-desc: |-
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
x-go-name: State
ttl:
description: |-
TTL an epoch timestamp in seconds, it most be in seconds or dynamodb will ignore it
SEE: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/time-to-live-ttl-before-you-start.html
example: 1571827560
format: int64
type: integer
x-go-name: TTL
required:
- expire
- recipients
- createdBy
- formDefinitionId
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
example:
expire: '2023-06-20T15:57:55.332882Z'
formDefinitionId: 00000000-0000-0000-0000-000000000000
recipients:
- type: IDENTITY
id: an-identity-id
createdBy:
type: WORKFLOW_EXECUTION
id: a-workflow-execution-id
required: false
responses:
'201':
description: Returns a new form instance
content:
application/json:
schema:
properties:
created:
description: Created is the date the form instance was assigned
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
createdBy:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a form instance created by type enum value
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
enum:
- WORKFLOW_EXECUTION
- SOURCE
example: WORKFLOW_EXECUTION
type: string
x-go-enum-desc: |-
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
expire:
description: Expire is the maximum amount of time that a form can be in progress. After this time is reached then the form will be moved to a CANCELED state automatically. The user will no longer be able to complete the submission. When a form instance is expires an audit log will be generated for that record
example: '2023-08-12T20:14:57.74486Z'
type: string
x-go-name: Expire
formConditions:
description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
formData:
additionalProperties: {}
description: FormData is the data provided by the form on submit. The data is in a key -> value map
example:
department: Engineering
type: object
x-go-name: FormData
formDefinitionId:
description: FormDefinitionID is the id of the form definition that created this form
example: 49841cb8-00a5-4fbd-9888-8bbb28d48331
type: string
x-go-name: FormDefinitionID
formElements:
description: 'FormElements is the configuration of the form, this would be a repeat of the fields from the form-config'
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formErrors:
description: FormErrors is an array of form validation errors from the last time the form instance was transitioned to the SUBMITTED state. If the form instance had validation errors then it would be moved to the IN PROGRESS state where the client can retrieve these errors
items:
properties:
key:
description: Key is the technical key
example: department
type: string
x-go-name: Key
messages:
description: Messages is a list of web.ErrorMessage items
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
type: array
x-go-name: Messages
value:
description: Value is the value associated with a Key
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormErrors
formInput:
additionalProperties: {}
nullable: true
description: FormInput is an object of form input labels to value
example:
input1: Sales
type: object
x-go-name: FormInput
id:
description: Unique guid identifying this form instance
example: 06a2d961-07fa-44d1-8d0a-2f6470e30fd2
type: string
x-go-name: FormInstanceID
modified:
description: Modified is the last date the form instance was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
recipients:
description: Recipients references to the recipient of a form. The recipients are those who are responsible for filling out a form and completing it
items:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a FormInstanceRecipientType value
IDENTITY FormInstanceRecipientIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormInstanceRecipientIdentity
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Recipients
standAloneForm:
default: false
description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form
example: false
type: boolean
x-go-name: StandAloneForm
standAloneFormUrl:
description: StandAloneFormURL is the URL where this form may be completed by the designated recipients using the standalone form UI
example: 'https://my-org.identitynow.com/ui/d/forms/00000000-0000-0000-0000-000000000000'
type: string
x-go-name: StandAloneFormURL
state:
description: |-
State the state of the form instance
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
enum:
- ASSIGNED
- IN_PROGRESS
- SUBMITTED
- COMPLETED
- CANCELLED
example: ASSIGNED
type: string
x-go-enum-desc: |-
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
x-go-name: State
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
'/form-instances/{formInstanceID}':
get:
tags:
- Custom Forms
summary: Returns a form instance.
description: 'Parameter `{formInstanceID}` should match a form instance ID.'
operationId: getFormInstanceByKey
parameters:
- name: formInstanceID
in: path
description: Form instance ID
required: true
schema:
type: string
x-go-name: FormInstanceID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormInstanceID
responses:
'200':
description: Returns a form instance by its key
content:
application/json:
schema:
properties:
created:
description: Created is the date the form instance was assigned
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
createdBy:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a form instance created by type enum value
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
enum:
- WORKFLOW_EXECUTION
- SOURCE
example: WORKFLOW_EXECUTION
type: string
x-go-enum-desc: |-
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
expire:
description: Expire is the maximum amount of time that a form can be in progress. After this time is reached then the form will be moved to a CANCELED state automatically. The user will no longer be able to complete the submission. When a form instance is expires an audit log will be generated for that record
example: '2023-08-12T20:14:57.74486Z'
type: string
x-go-name: Expire
formConditions:
description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
formData:
additionalProperties: {}
description: FormData is the data provided by the form on submit. The data is in a key -> value map
example:
department: Engineering
type: object
x-go-name: FormData
formDefinitionId:
description: FormDefinitionID is the id of the form definition that created this form
example: 49841cb8-00a5-4fbd-9888-8bbb28d48331
type: string
x-go-name: FormDefinitionID
formElements:
description: 'FormElements is the configuration of the form, this would be a repeat of the fields from the form-config'
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formErrors:
description: FormErrors is an array of form validation errors from the last time the form instance was transitioned to the SUBMITTED state. If the form instance had validation errors then it would be moved to the IN PROGRESS state where the client can retrieve these errors
items:
properties:
key:
description: Key is the technical key
example: department
type: string
x-go-name: Key
messages:
description: Messages is a list of web.ErrorMessage items
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
type: array
x-go-name: Messages
value:
description: Value is the value associated with a Key
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormErrors
formInput:
additionalProperties: {}
nullable: true
description: FormInput is an object of form input labels to value
example:
input1: Sales
type: object
x-go-name: FormInput
id:
description: Unique guid identifying this form instance
example: 06a2d961-07fa-44d1-8d0a-2f6470e30fd2
type: string
x-go-name: FormInstanceID
modified:
description: Modified is the last date the form instance was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
recipients:
description: Recipients references to the recipient of a form. The recipients are those who are responsible for filling out a form and completing it
items:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a FormInstanceRecipientType value
IDENTITY FormInstanceRecipientIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormInstanceRecipientIdentity
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Recipients
standAloneForm:
default: false
description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form
example: false
type: boolean
x-go-name: StandAloneForm
standAloneFormUrl:
description: StandAloneFormURL is the URL where this form may be completed by the designated recipients using the standalone form UI
example: 'https://my-org.identitynow.com/ui/d/forms/00000000-0000-0000-0000-000000000000'
type: string
x-go-name: StandAloneFormURL
state:
description: |-
State the state of the form instance
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
enum:
- ASSIGNED
- IN_PROGRESS
- SUBMITTED
- COMPLETED
- CANCELLED
example: ASSIGNED
type: string
x-go-enum-desc: |-
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
x-go-name: State
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth: []
patch:
tags:
- Custom Forms
summary: Patch a form instance.
description: 'Parameter `{formInstanceID}` should match a form instance ID.'
operationId: patchFormInstance
parameters:
- name: formInstanceID
in: path
description: Form instance ID
required: true
schema:
type: string
x-go-name: FormInstanceID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormInstanceID
requestBody:
description: 'Body is the request payload to patch a form instance, check: https://jsonpatch.com'
content:
application/json:
schema:
title: Patch is an ordered collection of Operations.
description: Patch is an ordered collection of Operations.
type: array
example:
- op: replace
path: /description
value: a new description
items:
title: 'Operation is a single JSON-Patch step, such as a single ''add'' operation.'
type: object
additionalProperties:
type: object
properties: {}
x-go-package: github.com/evanphx/json-patch
x-go-package: github.com/evanphx/json-patch
example:
- op: replace
path: /state
value: SUBMITTED
- op: replace
path: /formData
value:
a-key-1: a-value-1
a-key-2: true
a-key-3: 1
required: false
responses:
'200':
description: Returns the form instance updated
content:
application/json:
schema:
properties:
created:
description: Created is the date the form instance was assigned
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
createdBy:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a form instance created by type enum value
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
enum:
- WORKFLOW_EXECUTION
- SOURCE
example: WORKFLOW_EXECUTION
type: string
x-go-enum-desc: |-
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
expire:
description: Expire is the maximum amount of time that a form can be in progress. After this time is reached then the form will be moved to a CANCELED state automatically. The user will no longer be able to complete the submission. When a form instance is expires an audit log will be generated for that record
example: '2023-08-12T20:14:57.74486Z'
type: string
x-go-name: Expire
formConditions:
description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
formData:
additionalProperties: {}
description: FormData is the data provided by the form on submit. The data is in a key -> value map
example:
department: Engineering
type: object
x-go-name: FormData
formDefinitionId:
description: FormDefinitionID is the id of the form definition that created this form
example: 49841cb8-00a5-4fbd-9888-8bbb28d48331
type: string
x-go-name: FormDefinitionID
formElements:
description: 'FormElements is the configuration of the form, this would be a repeat of the fields from the form-config'
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: {}
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
example:
- validationType: REQUIRED
type: object
properties:
validationType:
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formErrors:
description: FormErrors is an array of form validation errors from the last time the form instance was transitioned to the SUBMITTED state. If the form instance had validation errors then it would be moved to the IN PROGRESS state where the client can retrieve these errors
items:
properties:
key:
description: Key is the technical key
example: department
type: string
x-go-name: Key
messages:
description: Messages is a list of web.ErrorMessage items
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
type: array
x-go-name: Messages
value:
description: Value is the value associated with a Key
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormErrors
formInput:
additionalProperties: {}
nullable: true
description: FormInput is an object of form input labels to value
example:
input1: Sales
type: object
x-go-name: FormInput
id:
description: Unique guid identifying this form instance
example: 06a2d961-07fa-44d1-8d0a-2f6470e30fd2
type: string
x-go-name: FormInstanceID
modified:
description: Modified is the last date the form instance was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
recipients:
description: Recipients references to the recipient of a form. The recipients are those who are responsible for filling out a form and completing it
items:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a FormInstanceRecipientType value
IDENTITY FormInstanceRecipientIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormInstanceRecipientIdentity
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Recipients
standAloneForm:
default: false
description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form
example: false
type: boolean
x-go-name: StandAloneForm
standAloneFormUrl:
description: StandAloneFormURL is the URL where this form may be completed by the designated recipients using the standalone form UI
example: 'https://my-org.identitynow.com/ui/d/forms/00000000-0000-0000-0000-000000000000'
type: string
x-go-name: StandAloneFormURL
state:
description: |-
State the state of the form instance
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
enum:
- ASSIGNED
- IN_PROGRESS
- SUBMITTED
- COMPLETED
- CANCELLED
example: ASSIGNED
type: string
x-go-enum-desc: |-
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
x-go-name: State
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'409':
description: An error with the request property conflicts with stored
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth: []
x-codegen-request-body-name: Body
'/form-instances/{formInstanceID}/data-source/{formElementID}':
get:
tags:
- Custom Forms
summary: Retrieves dynamic data by element.
description: |-
Parameter `{formInstanceID}` should match a form instance ID.
Parameter `{formElementID}` should match a form element ID at the data source configuration.
operationId: searchFormElementDataByElementID
parameters:
- name: formInstanceID
in: path
description: Form instance ID
required: true
schema:
type: string
x-go-name: FormInstanceID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormInstanceID
- name: formElementID
in: path
description: Form element ID
required: true
schema:
type: string
x-go-name: FormElementID
example: 1
x-go-name: FormElementID
- name: limit
in: query
description: |-
Limit
Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
If it is not specified, a default limit is used.
schema:
type: integer
format: int64
maxLength: 250
minLength: 0
default: 250
x-go-name: Limit
example: 250
required: false
x-go-name: Limit
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**value**: *eq, ne, in*
Supported composite operators: *not*
Only a single *not* may be used, and it can only be used with the `in` operator. The `not` composite operator must be used in front of the field. For example, the following is valid: `not value in ("ID01")`
schema:
type: string
x-go-name: Filters
example: value eq "ID01"
required: false
x-go-name: Filters
- name: query
in: query
description: 'String that is passed to the underlying API to filter other (non-ID) fields. For example, for access profile data sources, this string will be passed to the access profile api and used with a "starts with" filter against several fields.'
schema:
type: string
x-go-name: Query
example: support
required: false
x-go-name: Query
responses:
'200':
description: Retrieves dynamic data to aid in correctly completing a valid form by form element ID from data source configuration
content:
application/json:
schema:
properties:
results:
description: Results holds a list of FormElementDataSourceConfigOptions items
example: '{"results":[{"label":"Alfred 255e71dfc6e","subLabel":"Alfred.255e71dfc6e@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16676"},{"label":"Alize eba9d4cd27da","subLabel":"Alize.eba9d4cd27da@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f1667c"},{"label":"Antonina 01f69c3ea","subLabel":"Antonina.01f69c3ea@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f9667e"},{"label":"Ardella 21e78ce155","subLabel":"Ardella.21e78ce155@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e6667a"},{"label":"Arnaldo d8582b6e17","subLabel":"Arnaldo.d8582b6e17@testmail.identitysoon.com","value":"2c918084821847c5018227ced3426686"},{"label":"Aurelia admin24828","subLabel":"Aurelia.admin24828@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16674"},{"label":"Barbara 72ca418fdd","subLabel":"Barbara.72ca418fdd@testmail.identitysoon.com","value":"2c918084821847c5018227ced2fb6680"},{"label":"Barbara ee1a2436ee","subLabel":"Barbara.ee1a2436ee@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e56678"},{"label":"Baylee 652d72432f3","subLabel":"Baylee.652d72432f3@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aee"},{"label":"Brock e76b56ae4d49","subLabel":"Brock.e76b56ae4d49@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aef"}]}'
items:
type: object
properties:
label:
description: Label is the main label to display to the user when selecting this option
type: string
example: regression-test-access-request-07c55dd6-3056-430a-86b5-fccc395bb6c5
x-go-name: Label
subLabel:
description: SubLabel is the sub label to display below the label in diminutive styling to help describe or identify this option
type: string
example: ''
x-go-name: SubLabel
value:
description: Value is the value to save as an entry when the user selects this option
type: string
example: e96674448eba4ca1ba04eee999a8f3cd
x-go-name: Value
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Results
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth: []
'/form-instances/{formInstanceID}/file/{fileID}':
get:
tags:
- Custom Forms
summary: Download instance file by fileId.
operationId: getFormInstanceFile
parameters:
- name: formInstanceID
in: path
description: |-
FormInstanceID
Form instance ID
required: true
example: 00000000-0000-0000-0000-000000000000
schema:
type: string
x-go-name: FormInstanceID
x-go-name: FormInstanceID
- name: fileID
in: path
description: |-
FileID
String specifying the hashed name of the uploaded file we are retrieving.
required: true
example: 00000031N0J7R2B57M8YG73J7M.png
schema:
type: string
x-go-name: FileID
x-go-name: FileID
responses:
'200':
description: Returns a file that is referred to by fileID and associated with the formInstanceID
content:
application/json:
schema:
type: string
format: binary
image/jpeg:
schema:
type: string
format: binary
image/png:
schema:
type: string
format: binary
application/octet-stream:
schema:
type: string
format: binary
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'503':
description: An external service is not available
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
/form-definitions/predefined-select-options:
get:
tags:
- Custom Forms
summary: List predefined select options.
description: No parameters required.
operationId: searchPreDefinedSelectOptions
responses:
'200':
description: Returns a list of available predefined select options
content:
application/json:
schema:
type: object
properties:
results:
description: Results holds a list of PreDefinedSelectOption items
type: array
items:
type: string
description: PreDefinedSelectOption pre-defined select options
example: IDENTITY
x-go-package: github.com/sailpoint/sp-forms/domain
x-go-name: Results
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- UserContextAuth:
- 'sp:forms:manage'
'/source-usages/{sourceId}/status':
get:
tags:
- Source Usages
summary: Finds status of source usage
description: This API returns the status of the source usage insights setup by IDN source ID.
operationId: getStatusBySourceId
parameters:
- name: sourceId
in: path
description: ID of IDN source
required: true
schema:
type: string
example: 2c9180835d191a86015d28455b4a2329
security:
- UserContextAuth:
- 'idn:accounts:read'
responses:
'200':
description: Status of the source usage insights setup by IDN source ID.
content:
application/json:
schema:
type: object
properties:
status:
type: string
description: |-
Source Usage Status. Acceptable values are:
- COMPLETE
- This status means that an activity data source has been setup and usage insights are available for the source.
- INCOMPLETE
- This status means that an activity data source has not been setup and usage insights are not available for the source.
example: COMPLETE
enum:
- COMPLETE
- INCOMPLETE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/source-usages/{sourceId}/summaries':
get:
tags:
- Source Usages
summary: Returns source usage insights
description: This API returns a summary of source usage insights for past 12 months.
operationId: getUsagesBySourceId
parameters:
- name: sourceId
in: path
description: ID of IDN source
required: true
schema:
type: string
example: 2c9180835d191a86015d28455b4a2329
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **date**
example: '-date'
security:
- UserContextAuth:
- 'idn:accounts:read'
responses:
'200':
description: Summary of source usage insights for past 12 months.
content:
application/json:
schema:
type: array
items:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: number
format: float
description: 'The average number of days that accounts were active within this source, for the month.'
example: 10.45
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/account-usages/{accountId}/summaries':
get:
tags:
- Account Usages
summary: Returns account usage insights
description: This API returns a summary of account usage insights for past 12 months.
operationId: getUsagesByAccountId
parameters:
- name: accountId
in: path
description: ID of IDN account
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **date**
example: '-date'
security:
- UserContextAuth:
- 'idn:accounts:read'
responses:
'200':
description: Summary of account usage insights for past 12 months.
content:
application/json:
schema:
type: array
items:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: integer
format: int64
description: The number of days within the month that the account was active in a source.
example: 10
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-request-identity-metrics/{identityId}/requested-objects/{requestedObjectId}/type/{type}':
get:
tags:
- Access Request Identity Metrics
summary: Return access request identity metrics
description: Use this API to return information access metrics.
operationId: getAccessRequestIdentityMetrics
parameters:
- name: identityId
in: path
description: Manager's identity ID.
required: true
schema:
type: string
example: 7025c863-c270-4ba6-beea-edf3cb091573
- name: requestedObjectId
in: path
description: Requested access item's ID.
required: true
schema:
type: string
example: 2db501be-f0fb-4cc5-a695-334133c52891
- name: type
in: path
description: Requested access item's type.
required: true
schema:
type: string
items:
type: object
properties:
id:
type: string
description: ID of the access item to retrieve the recommendation for.
example: 2c938083633d259901633d2623ec0375
type:
type: string
example: ENTITLEMENT
description: Access item's type.
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
example: ENTITLEMENT
security:
- UserContextAuth:
- 'idn:access-request-approvals:read'
responses:
'200':
description: Summary of the resource access and source activity for the direct reports of the provided manager.
content:
application/json:
schema:
type: object
items:
type: object
properties:
identitiesWithAccess:
type: integer
format: int64
nullable: true
description: A count of the provided manager's direct reports that have already been granted the access item in question.
example: 8
identitiesWithActivity:
type: integer
format: int64
nullable: true
description: A count of the provided manager's direct reports that have activity within the associated source.
example: 5
totalIdentities:
type: integer
format: int64
nullable: true
description: Total number of identities who share a manager with the identity requesting access.
example: 10
squadAvailable:
type: boolean
default: false
description: True if the manager's ID can be found. False if the manager's ID cannot be found.
example: true
validActivityObject:
type: boolean
default: false
description: 'True if the requested access item is associated with a single Activity Data Insights connector source. False if the requested access item type is a role. If it''s a role, it matches to multiple sources, so a single relevant source can''t be determined for activity metrics.'
example: true
activitySourceConfigured:
type: boolean
default: false
description: True if the Activity Data Insights connector is configured for the source associated with the requested access item. False if the matching Activity Data Insights connector is not configured.
example: true
requestedObjectActive:
type: boolean
default: false
description: True if the requested access item exists and is available. False if the requested access item is either missing or deleted.
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/manual-discover-applications-template:
get:
summary: CSV template download for discovery
tags:
- Application Discovery
description: |
This endpoint allows the user to download an example CSV file with two columns `application_name` and `description`. The CSV file contains a single row with the values 'Example Application' and 'Example Description'.
The downloaded template is specifically designed for use with the `/manual-discover-applications` endpoint.
security:
- UserContextAuth:
- 'idn:application-discovery:read'
operationId: getManualDiscoverApplicationsCsvTemplate
responses:
'200':
description: A CSV file download was successful.
content:
text/csv:
schema:
type: object
properties:
application_name:
type: string
description: Name of the example application.
example: Example Application
description:
type: string
description: Description of the example application.
example: Example Description
example: |
application_name,description
Example Application,Example Description
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/manual-discover-applications:
post:
summary: CSV Upload to discover applications
tags:
- Application Discovery
description: |-
This endpoint supports uploading a CSV file with application data for manual correlation to specific IDN connectors.
If a suitable IDN connector is unavailable, the system will recommend generic connectors instead.
security:
- UserContextAuth:
- 'idn:application-discovery:write'
operationId: sendManualDiscoverApplicationsCsvTemplate
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
description: The CSV file to upload containing `application_name` and `description` columns. Each row represents an application to be discovered.
example: |-
application_name,description
"Sample App","This is a sample description for Sample App."
"Another App","Description for Another App."
required:
- file
responses:
'200':
description: The CSV has been successfully processed.
'400':
description: |
Bad request - There was an error with the CSV format or validation failed (e.g., `application_name` missing). Error message should be provided in response.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/discovered-applications:
get:
operationId: getDiscoveredApplications
tags:
- Application Discovery
summary: Retrieve discovered applications for tenant
description: |
Fetches a list of applications that have been identified within the environment. This includes details such as application names, discovery dates, potential correlated saas_vendors and related suggested connectors.
security:
- UserContextAuth:
- 'idn:application-discovery:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filter
schema:
type: string
description: |
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *eq, sw, co*
**description**: *eq, sw, co*
example: name eq "Okta" and description co "Okta"
required: false
style: form
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, description, discoveredAt, discoverySource**
example: name
responses:
'200':
description: Successfully retrieved list of discovered applications.
content:
application/json:
schema:
type: array
items:
type: array
description: An array of discovered applications for a given tenant
example:
- id: app-123
name: ExampleApp
discoverySource: CSV
discoveredVendor: ExampleVendor
description: An application for managing examples.
recommendedConnectors:
- ConnectorA
- ConnectorB
discoveredTimestamp: '2023-01-01T12:00:00Z'
items:
type: object
properties:
id:
type: string
format: uuid
description: Unique identifier for the discovered application.
example: 2d9180835d2e5168015d32f890ca1581
name:
type: string
description: Name of the discovered application.
example: ExampleApp
discoverySource:
type: string
description: Source from which the application was discovered.
example: CSV
discoveredVendor:
type: string
description: The vendor associated with the discovered application.
example: ExampleVendor
description:
type: string
description: A brief description of the discovered application.
example: An application for managing examples.
recommendedConnectors:
type: array
items:
type: string
description: List of recommended connectors for the application.
example:
- ConnectorA
- ConnectorB
discoveredTimestamp:
type: string
format: date-time
description: 'The timestamp when the application was discovered, in ISO 8601 format.'
example: '2023-01-01T12:00:00Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/vendor-connector-mappings:
get:
security:
- UserContextAuth:
- 'idn:application-discovery:read'
operationId: getVendorConnectorMappings
tags:
- Application Discovery
summary: List vendor connector mappings
description: |
Retrieves a list of mappings between SaaS vendors and IDN connectors, detailing the connections established for correlation.
responses:
'200':
description: Successfully retrieved list.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The unique identifier for the vendor-connector mapping.
example: 78733556-9ea3-4f59-bf69-e5cd92b011b4
vendor:
type: string
description: The name of the vendor.
example: Example vendor
connector:
type: string
description: The name of the connector.
example: Example connector
createdAt:
type: string
format: date-time
description: The creation timestamp of the mapping.
example: '2024-03-13T12:56:19.391294Z'
createdBy:
type: string
description: The identifier of the user who created the mapping.
example: admin
updatedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was last updated, represented in ISO 8601 format.'
example: '2024-03-14T12:56:19.391294Z'
Valid:
type: boolean
description: A flag indicating if the 'Time' field is set and valid.
default: false
example: true
description: An object representing the nullable timestamp of the last update.
updatedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who last updated the mapping, if available.'
example: user-67891
Valid:
type: boolean
description: A flag indicating if the 'String' field is set and valid.
default: false
example: true
description: An object representing the nullable identifier of the user who last updated the mapping.
deletedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was deleted, represented in ISO 8601 format, if applicable.'
example: '0001-01-01T00:00:00Z'
Valid:
type: boolean
description: 'A flag indicating if the ''Time'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable timestamp of when the mapping was deleted.
deletedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who deleted the mapping, if applicable.'
example: ''
Valid:
type: boolean
description: 'A flag indicating if the ''String'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable identifier of the user who deleted the mapping.
example:
- id: 78733556-9ea3-4f59-bf69-e5cd92b011b4
vendor: Example Vendor
connector: Example Connector
createdAt: '2024-03-13T12:56:19.391294Z'
createdBy: admin
updatedAt:
Time: '2024-03-14T12:56:19.391294Z'
Valid: true
updatedBy:
String: user-67891
Valid: true
deletedAt:
Time: '0001-01-01T00:00:00Z'
Valid: false
deletedBy:
String: ''
Valid: false
- id: 78733556-9ea3-4f59-bf69-e5cd92b011b5
vendor: Another Corporation
connector: Another Connector
createdAt: '2024-04-13T11:46:19.391294Z'
createdBy: admin
updatedAt:
Time: '0001-01-01T00:00:00Z'
Valid: false
updatedBy:
String: ''
Valid: false
deletedAt:
Time: '0001-01-01T00:00:00Z'
Valid: false
deletedBy:
String: ''
Valid: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'405':
description: 'Method Not Allowed - indicates that the server knows the request method, but the target resource doesn''t support this method.'
content:
application/json:
schema:
type: object
properties:
errorName:
description: A message describing the error
example: NotSupportedException
errorMessage:
description: Description of the error
example: Cannot consume content type
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
security:
- UserContextAuth:
- 'idn:application-discovery:write'
operationId: createVendorConnectorMapping
tags:
- Vendor Connector Mappings
summary: Create a vendor connector mapping
description: |
Creates a new mapping between a SaaS vendor and an IDN connector to establish correlation paths.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The unique identifier for the vendor-connector mapping.
example: 78733556-9ea3-4f59-bf69-e5cd92b011b4
vendor:
type: string
description: The name of the vendor.
example: Example vendor
connector:
type: string
description: The name of the connector.
example: Example connector
createdAt:
type: string
format: date-time
description: The creation timestamp of the mapping.
example: '2024-03-13T12:56:19.391294Z'
createdBy:
type: string
description: The identifier of the user who created the mapping.
example: admin
updatedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was last updated, represented in ISO 8601 format.'
example: '2024-03-14T12:56:19.391294Z'
Valid:
type: boolean
description: A flag indicating if the 'Time' field is set and valid.
default: false
example: true
description: An object representing the nullable timestamp of the last update.
updatedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who last updated the mapping, if available.'
example: user-67891
Valid:
type: boolean
description: A flag indicating if the 'String' field is set and valid.
default: false
example: true
description: An object representing the nullable identifier of the user who last updated the mapping.
deletedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was deleted, represented in ISO 8601 format, if applicable.'
example: '0001-01-01T00:00:00Z'
Valid:
type: boolean
description: 'A flag indicating if the ''Time'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable timestamp of when the mapping was deleted.
deletedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who deleted the mapping, if applicable.'
example: ''
Valid:
type: boolean
description: 'A flag indicating if the ''String'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable identifier of the user who deleted the mapping.
responses:
'200':
description: Successfully created a new vendor connector mapping.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The unique identifier for the vendor-connector mapping.
example: 78733556-9ea3-4f59-bf69-e5cd92b011b4
vendor:
type: string
description: The name of the vendor.
example: Example vendor
connector:
type: string
description: The name of the connector.
example: Example connector
createdAt:
type: string
format: date-time
description: The creation timestamp of the mapping.
example: '2024-03-13T12:56:19.391294Z'
createdBy:
type: string
description: The identifier of the user who created the mapping.
example: admin
updatedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was last updated, represented in ISO 8601 format.'
example: '2024-03-14T12:56:19.391294Z'
Valid:
type: boolean
description: A flag indicating if the 'Time' field is set and valid.
default: false
example: true
description: An object representing the nullable timestamp of the last update.
updatedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who last updated the mapping, if available.'
example: user-67891
Valid:
type: boolean
description: A flag indicating if the 'String' field is set and valid.
default: false
example: true
description: An object representing the nullable identifier of the user who last updated the mapping.
deletedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was deleted, represented in ISO 8601 format, if applicable.'
example: '0001-01-01T00:00:00Z'
Valid:
type: boolean
description: 'A flag indicating if the ''Time'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable timestamp of when the mapping was deleted.
deletedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who deleted the mapping, if applicable.'
example: ''
Valid:
type: boolean
description: 'A flag indicating if the ''String'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable identifier of the user who deleted the mapping.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'405':
description: 'Method Not Allowed - indicates that the server knows the request method, but the target resource doesn''t support this method.'
content:
application/json:
schema:
type: object
properties:
errorName:
description: A message describing the error
example: NotSupportedException
errorMessage:
description: Description of the error
example: Cannot consume content type
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
security:
- UserContextAuth:
- 'idn:application-discovery:write'
operationId: deleteVendorConnectorMapping
tags:
- Vendor Connector Mappings
summary: Delete a vendor connector mapping
description: |
Soft deletes a mapping between a SaaS vendor and an IDN connector, removing the established correlation.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The unique identifier for the vendor-connector mapping.
example: 78733556-9ea3-4f59-bf69-e5cd92b011b4
vendor:
type: string
description: The name of the vendor.
example: Example vendor
connector:
type: string
description: The name of the connector.
example: Example connector
createdAt:
type: string
format: date-time
description: The creation timestamp of the mapping.
example: '2024-03-13T12:56:19.391294Z'
createdBy:
type: string
description: The identifier of the user who created the mapping.
example: admin
updatedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was last updated, represented in ISO 8601 format.'
example: '2024-03-14T12:56:19.391294Z'
Valid:
type: boolean
description: A flag indicating if the 'Time' field is set and valid.
default: false
example: true
description: An object representing the nullable timestamp of the last update.
updatedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who last updated the mapping, if available.'
example: user-67891
Valid:
type: boolean
description: A flag indicating if the 'String' field is set and valid.
default: false
example: true
description: An object representing the nullable identifier of the user who last updated the mapping.
deletedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was deleted, represented in ISO 8601 format, if applicable.'
example: '0001-01-01T00:00:00Z'
Valid:
type: boolean
description: 'A flag indicating if the ''Time'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable timestamp of when the mapping was deleted.
deletedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who deleted the mapping, if applicable.'
example: ''
Valid:
type: boolean
description: 'A flag indicating if the ''String'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable identifier of the user who deleted the mapping.
responses:
'200':
description: Successfully deleted the specified vendor connector mapping.
content:
application/json:
schema:
type: object
properties:
count:
type: integer
description: The number of vendor connector mappings successfully deleted.
example: 1
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/icons/{objectType}/{objectId}':
put:
operationId: setIcon
tags:
- Icons
summary: Update an icon
description: This API endpoint updates an icon by object type and object id. A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: objectType
schema:
type: string
required: true
description: 'Object type. Available options [''application'']'
example: application
- in: path
name: objectId
schema:
type: string
required: true
description: Object id.
example: a291e870-48c3-4953-b656-fb5ce2a93169
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- image
properties:
image:
type: string
format: binary
description: 'file with icon. Allowed mime-types [''image/png'', ''image/jpeg'']'
example: \x00\x00\x00\x02
security:
- UserContextAuth:
- 'idn:icons:manage'
responses:
'200':
description: Icon updated
content:
application/json:
schema:
type: object
properties:
icon:
type: string
description: url to file with icon
example: ''
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteIcon
tags:
- Icons
summary: Delete an icon
description: This API endpoint delete an icon by object type and object id. A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: objectType
schema:
type: string
required: true
description: 'Object type. Available options [''application'']'
example: application
- in: path
name: objectId
schema:
type: string
required: true
description: Object id.
example: a291e870-48c3-4953-b656-fb5ce2a93169
security:
- UserContextAuth:
- 'idn:icons:manage'
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/suggested-entitlement-description-batches/{batchId}/stats':
get:
tags:
- Suggested Entitlement Description
operationId: getSedBatchStats
summary: Submit Sed Batch Stats Request
description: |-
Submit Sed Batch Stats Request.
Submits batchId in the path param (e.g. {batchId}/stats). API responses with stats of the batchId.
parameters:
- name: batchId
in: path
description: Batch Id
schema:
type: string
format: uuid
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
required: true
responses:
'200':
description: Stats of Sed batch.
content:
application/json:
schema:
description: Sed Batch Stats
type: object
properties:
batchComplete:
description: batch complete
type: boolean
example: true
default: false
batchId:
description: batch Id
format: uuid
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
discoveredCount:
description: discovered count
format: int64
type: integer
example: 100
discoveryComplete:
description: discovery complete
type: boolean
example: true
default: false
processedCount:
description: processed count
format: int64
example: 100
type: integer
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:sed:read'
/suggested-entitlement-description-batches:
get:
tags:
- Suggested Entitlement Description
operationId: getSedBatches
summary: List Sed Batch Request
description: |-
List Sed Batches.
API responses with Sed Batch Status
responses:
'200':
description: Status of batch
content:
application/json:
schema:
description: Sed Batch Status
type: object
properties:
status:
description: status of batch
type: string
example: OK
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:sed:read'
post:
tags:
- Suggested Entitlement Description
operationId: submitSedBatchRequest
summary: Submit Sed Batch Request
description: |-
Submit Sed Batch Request.
Request body has a list of entitlement Ids that user wants to have description generated by LLM. API responses with batchId that groups Ids together
requestBody:
description: Sed Batch Request
content:
application/json-patch+json:
schema:
description: Sed Batch Request
type: object
properties:
entitlements:
description: list of entitlement ids
items:
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
type: array
responses:
'200':
description: Sed Batch Response
content:
application/json:
schema:
description: Sed Batch Response
type: object
properties:
batchId:
description: BatchId that groups all the ids together
format: uuid
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:sed:write'
/suggested-entitlement-description-approvals:
post:
tags:
- Suggested Entitlement Description
summary: Submit Bulk Approval Request
description: |-
Submit Bulk Approval Request for SED.
Request body takes list of SED Ids. API responses with list of SED Approval Status
operationId: submitSedApproval
requestBody:
description: Sed Approval
content:
application/json-patch+json:
schema:
items:
description: Sed Approval Request Body
type: object
properties:
items:
description: List of SED id's
items:
format: uuid
type: string
type: array
example: 016629d1-1d25-463f-97f3-c6686846650
type: array
required: true
responses:
'200':
description: List of SED Approval Status
content:
application/json:
schema:
items:
description: SED Approval Status
type: object
properties:
failedReason:
description: failed reason will be display if status is failed
type: string
example: invalid status
id:
description: Sed id
format: uuid
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
status:
description: SUCCESS | FAILED
example: SUCCESS
type: string
type: array
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:sed:write'
/suggested-entitlement-description-assignments:
post:
tags:
- Suggested Entitlement Description
operationId: submitSedAssignment
summary: Submit Sed Assignment Request
description: |-
Submit Assignment Request.
Request body has an assignee, and list of SED Ids that are assigned to that assignee API responses with batchId that groups all approval requests together
requestBody:
description: Sed Assignment Request
content:
application/json-patch+json:
schema:
description: Sed Assignment
type: object
properties:
assignee:
description: Sed Assignee
type: object
properties:
type:
description: |-
Type of assignment
When value is PERSONA, the value MUST be SOURCE_OWNER or ENTITLEMENT_OWNER
IDENTITY SED_ASSIGNEE_IDENTITY_TYPE
GROUP SED_ASSIGNEE_GROUP_TYPE
SOURCE_OWNER SED_ASSIGNEE_SOURCE_OWNER_TYPE
ENTITLEMENT_OWNER SED_ASSIGNEE_ENTITLEMENT_OWNER_TYPE
enum:
- IDENTITY
- GROUP
- SOURCE_OWNER
- ENTITLEMENT_OWNER
type: string
example: SOURCE_OWNER
value:
description: |-
Identity or Group identifier
Empty when using source/entitlement owner personas
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
required:
- type
items:
description: List of SED id's
items:
format: uuid
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
type: array
required: true
responses:
'202':
description: Sed Assignment Response
content:
application/json:
schema:
description: Sed Assignment Response
type: object
properties:
batchId:
description: BatchId that groups all the ids together
format: uuid
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:sed:write'
/suggested-entitlement-descriptions:
get:
tags:
- Suggested Entitlement Description
operationId: listSeds
summary: List Suggested Entitlement Description
description: List of Suggested Entitlement Description
parameters:
- description: |-
Integer specifying the maximum number of records to return in a single API call.
The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results). If it is not specified, a default limit is used.
schema:
format: int64
type: integer
in: query
name: limit
example: limit=0
- description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**batchId**: *eq*
**status**: *eq, ne, in*
**displayName**: *eq, co*
in: query
name: filters
example: displayName co "Read and Write"
schema:
type: string
- description: |-
If `true` it will populate the `X-Total-Count` response header with the number of results that would be returned if `limit` and `offset` were ignored.
The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
Since requesting a total count can have a performance impact, it is recommended not to send `count=true` if that value will not be used.
in: query
name: count
example: count=true
schema:
type: boolean
- description: |-
If `true` it will populate the `X-Total-Count` response header with the number of results that would be returned if `limit` and `offset` were ignored.
This parameter differs from the Coun parameter in that this one skip executing the actual query and always return an empty array.
in: query
name: count-only
example: count-only=true
schema:
type: boolean
- description: |-
By default, the ListSeds API will only return items that you have requested to be generated.
This option will allow you to see all items that have been requested
in: query
name: requested-by-anyone
example: requested-by-anyone=true
schema:
type: boolean
- description: Will limit records to items that are in "suggested" or "approved" status
in: query
name: show-pending-status-only
example: show-pending-status-only=true
schema:
type: boolean
responses:
'200':
description: List of Suggested Entitlement Details
content:
application/json:
schema:
items:
description: Suggested Entitlement Description
type: object
properties:
Name:
type: string
description: name of the entitlement
example: BatchInvoiceProcessing
approved_by:
type: string
description: entitlement approved by
example: 2c918086-76de-afbf-0176-f6d28f65565a
approved_type:
type: string
description: entitlement approved type
example: admin
approved_when:
format: date-time
type: string
example: 2024-03-22T16:32:16.308Z
description: entitlement approved then
attribute:
type: string
description: entitlement attribute
example: Role
description:
type: string
description: description of entitlement
example: This entitlement allows automated processing of invoices in batches on a scheduled basis to streamline accounts payable procedures.
displayName:
type: string
description: entitlement display name
example: AWS-Cloud-Billing
id:
format: uuid
type: string
description: sed id
example: ead281ee-12a9-40ac-9534-36b5d7d65d53
sourceId:
type: string
description: entitlement source id
example: 103f567b93ee49b991c40f9412f87643
sourceName:
type: string
description: entitlement source name
example: IDN Salesforce
status:
type: string
description: entitlement status
example: suggested
suggestedDescription:
type: string
description: llm suggested entitlement description
example: This entitlement allows automated processing of invoices in batches on a scheduled basis to streamline accounts payable
type:
type: string
description: entitlement type
example: group
value:
type: string
description: entitlement value
example: group
type: array
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:sed:read'
patch:
tags:
- Suggested Entitlement Description
operationId: patchSed
summary: Patch Suggested Entitlement Description
description: Patch Suggested Entitlement Description
parameters:
- description: id is sed id
in: path
name: id
example: ebab396f-0af1-4050-89b7-dafc63ec70e7
required: true
schema:
type: string
format: uuid
requestBody:
description: Sed Patch Request
content:
application/json-patch+json:
schema:
items:
description: Patch for Suggested Entitlement Description
type: object
properties:
op:
description: desired operation
type: string
example: replace
path:
description: field to be patched
type: string
example: status
value:
description: value to replace with
example: approved
type: array
required: true
responses:
'200':
description: detail of patched sed
content:
application/json:
schema:
description: Suggested Entitlement Description
type: object
properties:
Name:
type: string
description: name of the entitlement
example: BatchInvoiceProcessing
approved_by:
type: string
description: entitlement approved by
example: 2c918086-76de-afbf-0176-f6d28f65565a
approved_type:
type: string
description: entitlement approved type
example: admin
approved_when:
format: date-time
type: string
example: 2024-03-22T16:32:16.308Z
description: entitlement approved then
attribute:
type: string
description: entitlement attribute
example: Role
description:
type: string
description: description of entitlement
example: This entitlement allows automated processing of invoices in batches on a scheduled basis to streamline accounts payable procedures.
displayName:
type: string
description: entitlement display name
example: AWS-Cloud-Billing
id:
format: uuid
type: string
description: sed id
example: ead281ee-12a9-40ac-9534-36b5d7d65d53
sourceId:
type: string
description: entitlement source id
example: 103f567b93ee49b991c40f9412f87643
sourceName:
type: string
description: entitlement source name
example: IDN Salesforce
status:
type: string
description: entitlement status
example: suggested
suggestedDescription:
type: string
description: llm suggested entitlement description
example: This entitlement allows automated processing of invoices in batches on a scheduled basis to streamline accounts payable
type:
type: string
description: entitlement type
example: group
value:
type: string
description: entitlement value
example: group
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:sed:write'